After a public consultation, France’s data protection authority, the CNIL, has adopted the model regulation "biometrics in the workplace." The CNIL’s model regulation states companies can install “biometric access control devices” as long as they comply with the agency’s rules. Organizations must be able to justify their use of biometric data and also follow obligations listed out in the EU General Data Protection Regulation. Employers must document any decisions they make with biometric devices, while data controllers are mandated to conduct a data protection impact assessment. The CNIL has set up a frequently asked questions page to help companies follow the new requirements. (Original article is in French.)
If you want to comment on this post, you need to login.