This is called the “punch” problem.
Employees sometimes ask their colleagues to clock in for them on a construction site. In response, some companies have turned to biometrics – unique physical and human characteristics – to digitally identify who is who and what they have been doing.
“Collected, captured, stored and used”
McDonald’s (MCD) – Get McDonald’s Corporation report used this method, using a fingerprint or hand scanner as their primary method of clocking in to locations in Illinois.
The fast-food giant also installed fingerprint scanners on cash registers to detect fraud and find out who had access to registers.
McDonald’s recently agreed to a $50 million class action settlement involving Illinois employees who used their biometric information to log into or use restaurant systems.
The plaintiffs in the case had their biometric information “collected, captured, stored and used by McDonald’s”, according to one complaint, but they were not told in writing that this information was being stored, nor did they no longer given written permission for their use. .
McDonald’s, which did not respond to a request for comment, is not just a company struggling with issues related to biometrics, which can include fingerprints, retina scans, facial and voice recognition, keystrokes and even the way people walk.
In 2020, Facebook’s parent company Meta (Facebook) – Get the Class A report from Meta Platforms Inc. agreed to pay $650 million to settle a biometrics lawsuit and analysts believe there will be more such cases as companies try to improve security while respecting an employee’s privacy.
“Cases against employers who use biometric timekeeping have become extremely common over the past 5 to 10 years,” said Matthew Kugler, associate professor at Northwestern University’s Pritzker School of Law.
“Waking up to dystopian reality”
Kugler noted that “Illinois law requires express consent and disclosures for the collection and use of biometric identifiers, and many companies have not had their employees complete these forms.”
“More companies are adopting biometric verification technologies,” said Margaret Hu, a law and international business professor at Penn State. “At the same time, more and more states and local governments are enacting biometric privacy laws and ordinances. As a result, we are likely to see similar class action lawsuits in the future.”
Dustin Marlan, assistant professor at the University of Massachusetts Law School, said that “over the past few years there has been a much greater awareness of privacy issues, both in the United States and ‘abroad”.
“People are realizing the dystopian reality that we no longer have the aspects of ourselves that we think we have,” he said. “Defenders therefore use the laws at their disposal that regulate the taking of biometric data.”
And what is it about biometrics that makes it such a legal minefield?
Kugler said much of the controversy with biometrics revolves around their permanence and immutability.
“Your employee identification number ceases to be associated with you when you leave your job, but your fingerprints and face remain the same,” he said. “Some see this as an ongoing security and privacy risk.”
“Biometrics can link an individual’s identity to a wide range of records and activities, digital and physical,” Hu said. “Biometric surveillance can lead to multiple consequences, many of which are unseen and unknown.”
Marlan said biometrics “leads to surveillance capitalism”.
“There is unequal bargaining power between ordinary citizens who give up rights to aspects of our very identity, in raw form, and the wealthy corporations who can obtain them so easily through the transfer of technology,” he said. -he declares.
Marlan, who called $50 million a “silly change” for a company like McDonald’s, said facial recognition software, in particular, is now a major problem.
“It can lead to racial profiling and discrimination, in addition to a myriad of other invasive surveillance issues,” he said. “Biometrics is a pressing issue of social and economic justice and we need stronger regulation in this area.”
Isabelle Moeller, chief executive of The Biometrics Institute, an international organization that promotes responsible and ethical use of biometrics, said “Biometrics cannot be rushed, it requires strong policies, processes and technology assessments.”
Last year, the institute released its 20-year report, which highlighted the positive impacts of biometrics, including improving airport security and identifying victims of the 2004 tsunami in South Asia. -East.
“In 2020, we released our Three laws of biometrics as a concise reminder that policy should come first when considering implementing biometrics, followed by process and only then technology,” Moeller said. “It also highlights the importance of knowing not only your algorithm, but also your data and your implementation.
Moeller said biometrics “requires careful planning, implementation, auditing and monitoring.”
“They’re not a silver bullet or silver bullet,” she said. “That’s why we exist: to promote responsible and ethical use because, like many technologies, biometrics can be used unethically and irresponsibly.”