Luana Pascu reports:
A school in Gdansk, Poland, has been fined PLN 20,000 (roughly US$5,300) by the European Data Protection Board over a biometric data processing breach that affected 680 children in the 2019-2020 school year.
The school used a biometric reader to process student’s fingerprints as a form of identification and lunch payment verification, however the President of the Personal Data Protection Office (UODO) said there was no legal basis for the measure, as other forms of identification could have been used at the school canteen such as electronic cards or name and contract number. Not only was the school fined, but all personal data is to be erased and data collection discontinued.
The school had received written consent from parents or legal guardians to implement the measure, and has been doing this since April 1, 2015.
Read more on Biometric Update.