Banner1.png
Banner3.png

Editing AEPD - PS/00127/2020

From GDPRhub

Warning: You are not logged in. Your IP address will be publicly visible if you make any edits. If you log in or create an account, your edits will be attributed to your username, along with other benefits.

The edit can be undone. Please check the comparison below to verify that this is what you want to do, and then save the changes below to finish undoing the edit.

Latest revision Your text
Line 48: Line 48:
 
}}
 
}}
  
The Spanish DPA issued a warning to Iberia Líneas Aéreas de España for not informing their workers in accordance with Article 13 GDPR regarding a fingerprint clock-in system.
+
The Spanish DPA issued a warning to Iberia Líneas Aéreas de España for not informing their workers in accordance with Article 13 GDPR regarding a fingerprint clocking-in system.
  
 
==English Summary==
 
==English Summary==
  
 
===Facts===
 
===Facts===
Iberia Líneas Aéreas de España installed a new fingerprint clock-in system for their workers. They did it following the guidance of the General Labour Confederation. However, Iberia did not inform their workers about the aspects of the general information duty included in Article 13 GDPR.
+
Iberia Líneas Aéreas de España installed a new fingerprint clocking-in system for their workers. They did it following the guidance of the General Labour Confederation. However, Iberia did not inform their workers about the aspects of the general information duty included in Article 13 GDPR.
  
 
===Dispute===
 
===Dispute===
Line 59: Line 59:
 
Is this a violation of Article 13 GDPR?
 
Is this a violation of Article 13 GDPR?
 
===Holding===
 
===Holding===
The AEPD held that there had been a violation of Article 13. According to the Spanish authority, Iberia should have informed their workers about all the relevant aspects included in Article 13, informing in a clear, concise and complete way about the legal basis that allow such processing and about the rest of the relevant information, specially taking into account that the personal data involved are biometric data from Article 9.
+
progress
 
 
The AEPD took also into account the fact that Iberia offered information regarding the processing in their privacy policy since 2018 and, mainly, that they issued a communication to their workers regarding the processing of biometric data in October 2020. Because all of this, the AEPD imposed solely a warning on Iberia.
 
  
 
==Comment==
 
==Comment==

Please note that all contributions to GDPRhub are considered to be released under the Creative Commons Attribution-NonCommercial-ShareAlike (see GDPRhub:Copyrights for details). If you do not want your writing to be edited mercilessly and redistributed at will, then do not submit it here.
You are also promising us that you wrote this yourself, or copied it from a public domain or similar free resource. Do not submit copyrighted work without permission!

To edit this page, please answer the question that appears below (more info):

Cancel Editing help (opens in new window)

Template used on this page: