Who has the right to your biometric data? This is the question that was posed to the Fair Work Tribunal when a worker was fired for not giving his fingerprint to his employer.
When his employer demanded his fingerprint as part of a new work sign-in system, Jeremy Lee refused. As a result, he was dismissed from his job. Not satisfied with the outcome, he took his case to the Fair Work tribunal.
The case against unfair dismissal
The case, the first of its kind in Australia, explores the murky legal ground where personal privacy meets technology.
While many of us don’t think twice about using a fingerprint to unlock our iPhone multiple times a day, Jeremy Lee has a very different view when it comes to being so cavalier about his biometric data.
He says this particular data, which relates to his physical or physiological make-up, is not only unique, it’s valuable and his fear was that it might not be protected adequately, or could be open to misuse once handed over to his employer.
His unfair dismissal case centred not just around the issue of privacy, but whether it was appropriate for his employer, Superior Wood, to have access to his biometric data.
While the employer submitted that the objective of the new scanning system was to better track the presence of employees on the premises, Mr Lee argued that swipe cards or personal pins can be just as effective in achieving this goal, and that using his fingerprints was unnecessary.
The case went before the Fair Work Tribunal twice. The first time, a single Commissioner ruled in favour of the employer, finding that the fingerprint scanning system was a reasonable policy and that the sawmill company was permitted to require employees to comply with it — and to dismiss employees who did not.
Breach of the Privacy Act
Mr Lee appealed, representing himself at the full bench of the Fair Work Commission.
He submitted that his biometric data was his own, that no one should reasonably be allowed to demand it, and that his consent must be obtained for its release. However, this ground was rejected by the tribunal.
The Commission made clear that employees have an obligation to “comply with all lawful and reasonable directions” from an employer, but noted that the Privacy Act states that when an employer wants to collect sensitive information — such as fingerprints — they must give sufficient notification and allow for a process of informed consent.
It ultimately ruled that Superior Wood failed on both accounts, and as such had unfairly dismissed Mr Lee.
While the case has been described as the first of its kind, it does not set a precedent about biometric data ownership.
What is biometric data?
Facial recognition technology is another technology that is increasingly eroding our personal privacy, whether we provide informed consent or not.
For example, Facebook has long been using facial recognition capabilities (except in Canada and the EU) for some time. Last year it made an important announcement to all users – that the feature is automatically running, and to stop it, you must find the appropriate setting and turn it off.
Recently, Westfield came under fire for using its ‘Smartscreen Network’ – small cameras fixed to advertising screens throughout Westfield shopping centres, to detect individual faces and record the age, gender and mood of shoppers.
While the retail giant says it uses the information to improve the experience of shoppers, the use of the technology has raised concerns about the inadequacy of privacy laws in Australia. Under existing laws, retailers do not need to consent of shoppers to collect data obtained through CCTV cameras.
Governments around the world too, are increasingly using the technology, with NSW Police Force continuing to push ahead with the technology despite the fact that it far from accurate, and in fact has the very real potential to turn innocent people into suspects.
Is the current law adequate enough?
Certainly there are many questions surrounding biometric identifiers that have not yet come before the Australian courts and tribunals, and the issue remains of whether our privacy protections are being maintained in line with the rapid pace of technological change.