SWEDEN HAS ISSUED its first fine against a company under the European GDPR legislation.
The government of the Skelleftea was slapped with a fine of 200,000 Krona (£16,800) after it emerged that facial recognition was being trialled in its school system.
The Swedish Data Protection Authority (DPA) said that under its rules, the use of biometric data, including images of faces, were protected under special rules which require separate licensing which those involved had not sought.
It also added that the three week limit on the trial was the only thing that had kept the fine from being much higher. Only 22 students from one school had been monitored, with the only data recorded being a presence indication as they entered or exited the classroom.
Parents had been informed of the trial. So all in all, it was being managed fairly sensitively, but the point is… that's not the point.
The DPA argued that pupils have a right to their expectations of privacy when entering a classroom and that these were being breached by the trial. It added that there were safer ways to collect the same data without the use of facial recognition or other biometrics and that the level of data collection was not justified.
The real kicker for the DPA is that nobody requested permission from it before the trial which means that there was a lack of understanding of the regulations and more than likely that no risk assessment had taken place, one of the criteria of any such trial.
In a statement to state broadcaster SVT, Skelleftea said the motive for the trial was to try and cut down on the estimated 17,000 hours spent by teachers on taking attendance every year.
In fact, this is something that technology could definitely help to cut down, but only if it is done the right way, and with facial recognition still under a mass of scrutiny right now, someone somewhere should have twigged that this wasn't going to play well. μ
Put a Ring-Con on it
We know. We're as surprised as you are
It's available across all major UK networks