The imposition of the use of fingerprint or facial recognition as an entry method or time control by companies may have its days numbered. The Spanish Data Protection Agency (AEPD) has changed its criteria regarding the use of biometric systems for access control, both for work and non-work purposes (such as in gyms or private clubs). From now on, the agency will consider them prohibited systems unless there is an exceptional circumstance that justifies their use ahead of methods that do not use “high-risk” data.
The Agency has published this change in criteria in its recent “Guide to Presence Control Treatments using Biometric Systems”, which details the interpretation that it will make from now on to assess whether these methods comply with data protection regulations. An update that justifies the rapid evolution of this technology that now “even allows us to collect information without the person’s cooperation” or knowledge, as well as that artificial intelligence “can be used to infer additional information about people.”