21 results were found for your search terms Biometric data
Implanting the facial recognition system to carry out the academic evaluations of FUOC university students.
The principle of application is violated, since the processing of biometric data by students is not included in any of the exceptions provided for in Article 9.2 GDPR, for the processing of special categories of data.
Report in relation to the Draft Order approving the Catalog of electronic identification and signature systems
The consent of the affected personnel cannot be considered an adequate legal basis for the implementation of a time control system through facial recognition such as the one described in the consultation. It would be necessary to foresee this control system in a legal provision or in an applicable collective agreement, or where appropriate, in a pact or agreement resulting from collective bargaining, circumstances that do not seem to occur in the case analyzed.In any case, before the implementation of such a system, it is necessary to make an assessment of the impact on data protection in light of the specific circumstances in which the treatment is carried out to determine its legality and proportionality, including the analysis of the existence of less intrusive alternatives, and establish the appropriate guarantees.
It is not for this Authority to define the means by which citizens can be identified by electronic means in administrative procedures, nor to determine whether an identification system can reliably guarantee the identity of the applicant. A system of identification of the interested parties that collects together with the data of the DNI or identification document of the interested party his image and voice, can have like legal base the exercise of public powers conferred to the person in charge of the treatment in relation to the functions identification of those interested in the procedure provided for in the administrative procedure regulations. If specific technical means are used that allow the unambiguous identification or authentication of an individual, it will involve the processing of biometric data and therefore special categories of data. In order for this data processing to be lawful and in accordance with data protection regulations, it must have the valid consent of the data subject and comply with the other principles of the RGPD, including the principle of minimization, so that, given the specific circumstances of the procedure or procedures in which it is intended to be applied, it passes the judgment of proportionality.
To treat biometric data it is necessary that one of the foreseen circumstances contributes to the article|item 9.2 RGPD that allow the treatment of special categories of data. With character previous to start the treatment, it is necessary to carry out an evaluation of impact related to data protection, when the treatment entails a high risk. In the collection of the data cash has to be made the law|right of information.
Biometric data subject to specific technical processing for biometric recognition purposes, whether in the form of identification or biometric authentication, should be considered as a special category of data. Thus, this consideration would be given to both the fingerprint, to which specific technical treatment is applied, when used for the purpose of authenticating the identity of a natural person, and the biometric signature obtained on a tablet, measuring the formation of letters, the direction of traits, pressure and other unique dynamic characteristics, insofar as it is submitted for specific technical treatment in order to confirm authorship.
Judgement in relation to the "Guide about the protection of personal data in the university in times of the COVID-19" elaborated by the CRUE
Judgement in relation to the “Guide about the protection of personal data in the university in times of the COVID-19” elaborated by the CRUE
The Town Council formulates a cosultation about the need or not of carrying out the Evaluation of Impact related to the data protection of the treatment of management of human resources that this Town Council carries out. The data processing of penal health and antecedents portrayed to the consultation, on the occasion of the treatment of the data of the human resources of the Town Council does not require an evaluation of impact related to the data protection. However, if the utilization of biometric data wants to start or it has started with posteriority in the 25 May 2018, it would be necessary to make an evaluation of impact related to the data protection with respect to this part of the treatment.
The use of a facial and fingerprint recognition system to control student attendance must be based on one of the exceptions provided for in article 9.2 RGPD. On the other hand, at the time of data collection, the right to information must become effective. In turn, when entrusting the provision of a service to a third party that involves access to personal data, it is necessary to sign the contract of data controller.
The inclusion of the biometric data, among them those of the digital impression, among the special categories of data foreseen by the RGPD it does not allow to go in an automatic way that the implantation of a system of hourly control based on the collection of this type of data can consider itself proportionate and, therefore, in agreement with the principle of minimization. It is necessary to make an evaluation of the impact about the data protection in view of the circumstances concrete in what the treatment is carried out to determine the legitimacy and the proportionality, included the analysis of the existence of alternatives less intrusives, and to establish the suitable guarantees.