France Continues To Focus On Use Of Biometrics

Author:Ms Liisa Thomas
Profession:Sheppard Mullin Richter & Hampton

The French CNIL (the country's data protection authority) has released rules for how companies can use the biometric information of their employees. Fingerprint scanning is a popular method for "clocking in" around the globe, and like the biometric laws in the US (in particular in Illinois, which we have written about here), it has fallen under scrutiny in France. Late last year the CNIL issued a fine for a company's use of fingerprint timeclocks, stating that use of biometrics could not be done without CNIL approval under the French Data Protection Act. Around the same time, the CNIL sought input on proposed regulations, which have now been adopted.

Under the regulations, companies that wish to use biometric scanning systems like facial recognition, fingerprint clocks, or retina scans will need, among other things, (1) to justify to the CNIL why it need to use these systems as opposed to another, less intrusive method, (2) have "rigorous" security measures in place to protect the biometric data, and (3) conduct a GDPR data protection impact assessment. With respect to the first element...

To continue reading