Fine SEK200k on use of facial recognition in Swedish school

Finally some action in Sweden!

The ruling is in Swedish, but to summarise the school was using facial recognition on its students. Facial recognition is biometric data, hence sensitive (special categories of data in the GDPR). They used consent as the legal basis but this was considered as unlawful due to the imbalance of relationship between the controller (school) and the data subject (student of 16+ yrs). Basically the student had no choice.

But there is more. The Swedish data protection authority based their decision on the following:

  1. Art 5 – personal data collected was intrusive and more was collected that was needed for the purpose
  2. Art 9 – the school did not have a legal exception to handle sensitive data. It is forbidden to collect sensitive data unless this is the case.
  3. Art 35-36 – seems that a DPIA was not done.

What does this mean to other schools or even any public or private entity looking to use intrusive biometrics? Do a data protection impact assessment (DPIA), from here you will be able to get a clean picture on the potential risk of harm to the rights and freedoms of the data subject.

For me personally and professionally, I’m just happy that China’s big brother approach has been nipped in the bud here in Sweden 🙂

Beware of school authorities bearing gifts ;-)

Picked up from Jack’s tweets….

According to the filings in Blake J Robbins v Lower Merion School District (PA) et al, the laptops issued to high-school students in the well-heeled Philly suburb have webcams that can be covertly activated by the schools’ administrators, who have used this facility to spy on students and even their families. The issue came to light when the Robbins’s child was disciplined for “improper behavior in his home” and the Vice Principal used a photo taken by the webcam as evidence. The suit is a class action, brought on behalf of all students issued with these machines.

This is scandel.. read more at boingboing.

Nothing to hide – CCTV in school toilets!

An excellent article on the use of CCTV, biometrics, databases, etc., in schools in the UK.

Can you imagine that on the uncertainly of whether CCTV should be permissible in toilets, Sayner (managing director of Proxis, a security installation company) reasons that “it depends exactly on what it is looking at,” adding that “If you’ve got nothing to hide, why should you object to that?” I just love this “nothing to hide” argument. For myself I’m not too keen on being the star on some camera footage when I visit the ladies room!