The Information Commissioner’s Office (ICO) has ordered Serco Leisure, a leisure centre group, to cease using facial recognition technology to monitor its staff. The ICO found that Serco Leisure had been unlawfully processing the biometric data of over 2,000 employees at 38 UK leisure facilities in order to track staff attendance, a practice deemed unfair and disproportionate.
Despite Serco Leisure claiming that the facial recognition technology was implemented to simplify clocking in and out for workers, the ICO found that employees had not been given a clear alternative to the collection of their biometric data. The company had also failed to demonstrate why this invasive practice was necessary when less intrusive methods, such as ID cards or fobs, could be used for staff attendance monitoring.
The UK Information Commissioner, John Edwards, criticized Serco Leisure for creating a power imbalance in the workplace and leaving employees feeling pressured to surrender their biometric data. He emphasized the unique risks associated with biometric data, as it cannot be reset like a password in the event of inaccuracies or security breaches.
In response to this incident, the ICO has released new guidance for organizations considering the use of employees’ biometric data, outlining how to comply with data protection laws. While some argue that facial recognition technology is an effective tool for safety and security purposes, privacy advocates raise concerns about its infringement on individuals’ rights as advancements in artificial intelligence make these systems more powerful.
