Swedish data protection authority issues first fine for biometrics use under GDPR

"Sweden-flag"

"Sweden’s data protection authority has issued a penalty of SEK 200,000 (US$20,650) to a school which used biometric facial recognition to record student attendance for violating Europe’s General Data Protection Regulation (GDPR).

The penalty is the first issued by Sweden’s regulator under GDPR, and while fines can reach SEK 10 million ($1 million), the amount of the fine imposed reflects the context of the offending party being a government authority, and the violation occurring as part of a limited trial. A high school in the town of Skellefteå used facial biometrics to conduct daily attendance checks in a trial that lasted three weeks, and included the data of 22 students, according to the regulator’s statement. School officials say consent was obtained from the students."

To read the original article: Click here