Idin minangka pangecualian kanggo ngolah data biometrik

Bubar, Walanda Data Protection Authority (AP) mbayar denda gedhe, yaiku 725,000 euro, ing perusahaan sing mindhai driji karyawan kanggo registrasi lan registrasi wektu. Data biometrik, kayata bekas driji, minangka data pribadi khusus ing arti Artikel 9 GDPR. Iki minangka ciri unik sing bisa ditelusuri maneh karo wong sing spesifik. Nanging, data iki asring ngemot informasi luwih lengkap tinimbang, umpamane, identifikasi. Proses pangolahan kasebut nyebabake risiko gedhe ing babagan hak asasi lan kabebasan saka wong. Yen data kasebut mlebu tangan sing salah, mula bisa nyebabake kerusakan. Data biometrik saestu dilindhungi kanthi apik, lan pangolahan kasebut dilarang miturut Artikel 9 GDPR, kajaba manawa ana pengecualian sing sah. Ing kasus iki, AP nyimpulake manawa perusahaan sing dipasrahake ora duwe hak kajaba kanggo ngolah data pribadi khusus.

Babagan cap driji ing konteks GDPR lan salah sawijining pangecualian, yaiku kabutuhan, we previously wrote in one of our blogs: ‘Fingerprint in violation of GDPR’. This blog focuses on the other alternative ground for exception: ijin. Yen juragan nggunakake data biometrik kayata sidik driji ing perusahaan, bisa apa karo privasi, cukup karo ijin pegawe?

Idin minangka pangecualian kanggo ngolah data biometrik

Kanthi idin tegese a khusus, dilaporake lan ora umum ekspresi bakal sing ana wong nampa pangolahan data pribadhi kanthi pernyataan utawa tumindak aktif sing ora pati jelas, miturut Artikel 4, bagean 11, GDPR. Ing konteks pangecualian kasebut, juragan kasebut ora mung kudu nuduhake manawa karyawan wis menehi ijin, nanging uga iki ora bisa ditindakake, khusus lan informasi. Mlebu kontrak pagawean utawa nampa manual personel ing ngendi pengusaha mung nyathet niat kanggo jam kanthi klambi driji, ora cukup konteks iki, AP rampung. Minangka bukti, majikan kudu, umpamane ngirim kebijakan, prosedur utawa dokumentasi liyane, sing nuduhake karyawane cukup ngandhani babagan proses data biometrik lan dheweke uga wis menehi idin (eksplisit) kanggo ngolah.

Yen ijin diwenehake dening karyawan, luwih becik ora mung 'jelas'nanging uga'diwenehake kanthi gratis’, according to the AP. ‘Explicit’ is, for example, written permission, signature, sending an email to give permission, or permission with two-step verification. ‘Freely given’ means that there must be no coercion behind it (as was the case in the case in question: when refusing to have the fingerprint scanned, a conversation with the director/board followed) or that permission may be a condition for something different. The condition ‘freely given’ is in any case not met by the employer when employees are obliged or, as in the case in question, experience it as an obligation to have their fingerprint recorded. Generally, under this requirement, the AP considered that given the dependency resulting from the relationship between the employer and employee, it is unlikely that the employee can freely grant his or her consent. The opposite will have to be proven by the employer.

Apa karyawan njaluk ijin saka karyawan supaya bisa ngolah driji? Banjur AP sinau ing konteks kasus kasebut kanthi prinsip iki ora diidini. Semono uga karyawan gumantung marang pengusaha lan mula asring ora nolak. Iki ora ujar yen juragan ora bakal bisa dipercaya kanthi sah. Nanging, majikan kasebut kudu duwe bukti sing cukup kanggo nggawe bandingane kanthi idin idin, supaya bisa ngolah data biometrik karyawan, kayata cap jari. Apa sampeyan pengin nggunakake data biometrik ing perusahaan utawa apa majikan sampeyan njaluk ijin supaya bisa nggunakake bekas driji, umpamane? Yen ngono, penting supaya ora tumindak langsung lan menehi ijin, nanging kudu diwartakake kanthi bener. Law & More pengacara minangka ahli babagan privasi lan bisa menehi informasi. Apa ana pitakonan liyane babagan blog iki? Hubungi Law & More.

Share