Marco De Felice (@amvinfe) recently pointed me to the web site for the Italian data protection regulator (“the Guarantor”), so now you may be seeing more Italian privacy-related news on this site, too.
For starters, there was a ruling on an employment-related case announced this week. The Provincial Health Authority (Asp) of Enna was fined €30,000 for the use of an attendance detection system based on the processing of biometric data of employees without suitable legal basis.
The investigation by the Authority, launched following some press articles, made it possible to ascertain that the attendance detection system of the Asp of Enna acquired the fingerprints of over 2,000 employees, storing them in encrypted form on the badge of each worker. The Company then verified the employee’s identity by comparing the reference biometric model, stored in the badge, and the fingerprint presented upon detection of attendance and transmitted the employee’s registration number , the date and time of stamping, to the attendance management system.
Read more about the case and decision on GDPD.