𝐁𝐢𝐨𝐦𝐞𝐭𝐫𝐢𝐜 𝐃𝐚𝐭𝐚 𝐨𝐟 𝐄𝐦𝐩𝐥𝐨𝐲𝐞𝐞𝐬 𝐢𝐧 𝐈𝐧𝐝𝐢𝐚- 𝐀 𝐆𝐫𝐞𝐲 𝐀𝐫𝐞𝐚 𝐮𝐧𝐝𝐞𝐫 𝐃𝐏𝐃𝐏𝐀,𝟐𝟎𝟐𝟑
The biometric data is stored by every employer for entry into premises and/or for marking presence on any given day in almost every organization.
Recently, the Italian Supreme Court held that it is necessary to obtain specific consent from employees for the use of biometric detection tools within companies.
Indian DPDPA,2023 is no exception to such requirement in as much as identified includes identifiers as well.
It is pertinent to understand that biometric data is often considered a “grey area” under data protection regulations due to its sensitive and unique nature. Biometric data refers to the physical and behavioural characteristics of an individual that can be used to identify or verify their identity. This can include fingerprints, facial recognition, iris scans, voice patterns, and even behavioural biometrics like typing patterns or gait analysis.
The sensitivity of biometric data arises from its potential permanence (biometric characteristics rarely change over time), its uniqueness (each individual’s biometric data is distinct), and its link to a person’s identity. Because of these factors, the processing and storage of biometric data raise specific challenges and concerns in the realm of data protection:
Because of these complex considerations, Organizations that collect and process biometric data need to carefully navigate these regulations, ensure strong security measures, obtain appropriate consent, and prioritize transparency and individual rights. It’s important to stay informed about the evolving legal landscape surrounding biometric data and take a well informed legal guidance to ensure compliance.
It is time for Indian companies to have specific consent for specified purposes amongst many other explicit consent of usage and processing of data of employees.
For any query or feedback, please feel free to get in touch with firstname.lastname@example.org or email@example.com