October 19, 2019

October 18, 2019

Subscribe to Latest Legal News and Analysis

October 17, 2019

Subscribe to Latest Legal News and Analysis

France Launches Consultation on Regulation for Biometrics at Work

The General Data Protection Regulation (GDPR) applicable since 25 May 2018 , modifies the legal rules on the use of  biometric data. The processing of biometric data for the purpose of “uniquely identifying a natural person”  is, as a matter of principle, prohibited under Article 9 GDPR . Amongst the authorised exceptions is the processing “necessary for the purposes of carrying out the obligations and exercising specific rights of the controller or of the data subject in the field of employment […] in so far as it is authorised by Union or Member State law or a collective agreement pursuant to Member State law providing for appropriate safeguards for the fundamental rights and the interests of the data subject “

To adapt the national law to this evolution of the European rules, the French legislator modified the French Data Protection Act in June 2018 . The new provisions provide that biometric access control devices using biometric data may be implemented by employers provided that they comply with a standard norm published by the CNIL. The norm has to be is established by the CNIL “in consultation with the public and stakeholder representatives”.

The CNIL has thus launched on 3 September  a public consultation on  draft regulation on  “work biometrics”.

The consultation period will run until 1 October 2018. The amended draft, taking into account the comments received, will then be submitted for consideration by the plenary meeting of the CNIL.

The draft regulation and the consultation may be found here.

© Copyright 2019 Squire Patton Boggs (US) LLP


About this Author

Stephanie Faber Attorney Squire Patton Boggs Paris
Of Counsel

Stephanie Faber heads the Data Privacy & Cybersecurity Practice and the Intellectual Property & Technology Practice in the Paris office. She specialises in international business law, with more than 20 years of experience. Her legal practice encompasses business transactions and operations, as well regulatory and compliance work.

In relation to the Data Privacy & Cybersecurity Practice, Stephanie advises on:

  • GDPR gap assessment and compliance programs

  • Data breach...

33 1 5383 7400