February 26, 2024 at 07:50AM
The UK’s data protection watchdog issued an enforcement notice to halt Serco’s use of facial recognition and fingerprint scanning at leisure centers it operates, finding the company unlawfully processed biometric data of over 2,000 employees. The ICO instructed Serco to destroy non-legally required biometric data. The watchdog emphasized the risks of biometric data and highlighted concerns about privacy and fairness.
Key takeaways from the meeting notes:
– The UK’s Information Commissioner’s Office (ICO) has issued an enforcement notice to stop Serco from using facial recognition technology and fingerprint scanning to monitor staff at 38 leisure centers.
– The ICO found that Serco and associated community leisure trusts had unlawfully processed the biometric data of over 2,000 employees at all 38 leisure facilities to check attendance and calculate pay, with no clear way for staff to opt out of the system.
– Serco Leisure and the trusts have been instructed to destroy all non-legally obliged biometric data within three months.
– UK Information Commissioner John Edwards stated that biometric data represents a risk to individuals and that Serco did not fully consider the risks before introducing biometric technology, prioritizing business interests over employees’ privacy.
– Facial recognition was deemed neither fair nor proportionate under data protection law in the context in which Serco and the trusts were using it.
– The ICO has also released new guidance designed to help organizations understand where they can and cannot use biometric data.
In addition, it is important to note that Serco is a well-known tech and business process outsourcer and has been involved in various high-profile contracts, including the pandemic response Test and Trace system and contracts with the Ministry of Justice. In 2019, Serco was fined nearly £23 million in a settlement with the Serious Fraud Office over contracts to electronically tag criminals.