Biometric technologies: The benefits versus the ethical dangers
With the emergence of digital identity and privileged access management technologies aimed at combating the growing cybersecurity threat, and the future workplace expected to be totally transformed by extended reality, the experts from international accounting and consulting network Baker Tilly have looked into the legal implications for employers in their use of biometric data – along with the ethical concerns around employee consent.
Employers today already commonly use a range of biometric tools for security, such as through fingerprint scanning or facial recognition to gain entry to sensitive worksites.
This surveillance is only set to increase, as demonstrated during the remote-working revolution brought about by the global pandemic, with employees being kept track of through key-stroke logging software and even video sensors to ensure they remain productive.
But when it comes to rights to privacy, contemporary and emerging biometric technology and data processing is considered by many another step up again, regardless of its potential benefits in reducing fraud and other crimes. Despite that, international policy remains a mish-mash by country, and is being continually outpaced by technological developments.
While tested in Australia, there is no clear workplace legislation in place. “There are a lot of advantages in applying this type of technology, but they are also very dangerous technologies,” comments Carmen Dinnella, an Associate Attorney at Baker Tilly in Italy. “Biometric data allows a unique identification of an individual, so for example if there is an identity theft you can’t replace it, you can’t change the data because it is unique. There are a lot of risks in using all these types of data.”
Baker Tilly notes that there are many efforts underway in Europe to stem the tide of biometric artificial intelligence, such as by banning facial recognition technology in public places or warning employers against the use of emotion recognition and by restricting fingerprint technology for time and attendance. But in Italy for example, there are no specific laws or regulations governing the use of biometric data in employment.
The firm highlights one local case. Despite employees providing their consent, the Italian Data Protection Authority fined the Enna Provincial Health Authority for the use of an attendance-monitoring system based on processing biometric data. The ruling determined that consent wasn’t valid because of the imbalanced nature of the employer-employee relationship and the disproportionate need for its use weighed against privacy.
Back in Australia, there are moves on facial recognition reform, highlighted by the case of ClearviewAI, which controversially scrapes pictures from social media for the benefit of law enforcement and has breached a number of privacy acts around the world.
It’s less clear however what’s being done in respect to advancing biomentric artificial intelligence and data collection as to employment law, and if there any legislative updates are in the works.