CNIL publishes new rules on biometric access control in the workplace
Fri 30 Sep 2016, 23:50

The French Data Protection Authority announced the adoption of two new decisions, Single Authorizations AU-052 and AU-053, that will now cover all biometric access control systems in the workplace. These two new decisions repeal and replace the previous biometric decisions adopted by the CNIL and lay down the CNIL’s new position on biometric systems used to control access to the premises, software applications and/or devices in the workplace. The CNIL’s new Single Authorizations AU-052 and AU-053 anticipate the application of the EU General Data Protection Regulation in May 2018. They take into account the principles of privacy by design and privacy by default, as well as the requirement to conduct data protection impact assessments, which data controllers will have to comply with by May 25, 2018.