skip to main content
0
CookiePro Blog September 6, 2019

First GDPR Fine in Sweden Over Facial Recognition Use

A school in northern Sweden has been fined 200,000 SEK (about $20,000) after experimenting with facial recognition as a system to document student attendance. The Swedish Data Protection Authority (DPA) fined the school for violating three articles under the General Data Protection Regulation (GDPR):

  • Article 5(1)(C): The use of facial recognition was intrusive in monitoring the attendance of students which lays down the ‘data minimization’ principle.
  • Article 9: Facial recognition data comprises ‘special categories of data’, which may only be processed to a legal basis. Processing facial recognition data is allowed with the data subject’s explicit consent. The school argued that all the students and their parents had given consent. However, the Swedish regulator held that the permission given by students was not a voluntarily given and freely chosen because of the school’s powerful position.
  • Article 35: Under this article, there is a requirement to conduct a documented Data Protection Impact Assessment (DPIA) before processing data that entails elevated data protection risks, such as facial recognition monitoring.

This is the first time the country has been fined for violating the digital privacy violation. The facial recognition pilot had been going on for three weeks last fall and involved 22 students.

Ranja Bunni, a lawyer at the Swedish DPA who helped with the review of this violation, said that consent isn’t a valid legal argument since the students depend on the high school board. The agency pointed out in its release that there are alternatives to checking student attendance that aren’t as intimately invasive as a facial recognition system.

While the Swedish DPA’s ruling is not big compared to other GDPR fines, it’s a clear marker that GDPR enforcement is picking up around the globe. The Sweden High School case indicates the extent of GDPR is not just limited to giant corporations such as British Airways, but also smaller public and private entities.

Visit here to learn how CookiePro helps comply with the GDPR.

Recent Posts

DeveloperWeek 2020 Deep Dive
DeveloperWeek 2020 Deep Dive
Last week, CookiePro sponsored DeveloperWeek 2020, one of the largest developer conferences in the United States. Learn more about our time...
+ View Article
CookiePro Sponsors Orlando DrupalCamp
CookiePro Sponsors Orlando DrupalCamp
The CookiePro team is heading to Orlando for DrupalCamp! Visit our booth to learn about the different plugins we have available for Drupal...
+ View Article
CookiePro CMS Plugins & Modules
CookiePro CMS Plugins & Modules
CookiePro has plugins that integrate with WordPress and Drupal with additional plugins for Joomla, Magento, and more coming soon. Learn more...
+ View Article
Cross-Site Tracking Deep Dive
Cross-Site Tracking Deep Dive
Cross-Site Tracking is a trending topic lately. Let's dive into what you need to know about cross-site tracking.
+ View Article
popup close button