- An Australian man won a landmark case against his employer after he was fired for refusing to hand over his biometric data to his employer.
- Jeremy Lee from Queensland, Australia, was fired from his job in February 2018 after he refused to use the company’s newly-introduced fingerprint scanners to sign in and out of work. He later sued his employer for unfair dismissal, citing his right to deny consent to the collection of his biometric data.
- Following an appeal, the court ruled in Lee’s favor, stating that his dismissal from the company was unjust.
- The case raises questions about biometric data collection and ownership, and highlights an increased concern over personal privacy.
An Australian man won a landmark case against his employer after he was fired for refusing to provide his fingerprints to sign in and out of work, raising questions about biometric data collection and ownership.
Jeremy Lee from Queensland, Australia, was fired from his job at Superior Wood Pty Ltd, a lumber manufacturer, in February 2018 after he refused to use the company’s newly-introduced fingerprint scanners to sign in and out of work. According to case documents, Lee asserted that he had ownership over the biometric data contained within his fingerprint, and that Superior Wood could not require that information from him under the country’s Privacy Act.
Lee filed a suit with Australia’s Fair Work Commission in March 2018, claiming he was unfairly dismissed from the company. The commissioner reviewing the case in June ruled in favor of Superior Wood, concluding that the fingerprinting policy was reasonable and therefore employees were obliged to comply.
Dissatisfied with the outcome of his case, Lee decided to represent himself and appeal the commission’s decision in November 2018, challenging the country’s privacy laws and raising questions about ownership of his personal data.
Ultimately Lee’s appeal was successful — on May 1, 2019, the commission ruled in his favor, stating that he was entitled to refuse to provide his biometric data to the company and that his dismissal from the company was unjust.
The case also addressed Lee’s concerns that his data could be shared with third parties.
“We accept Mr Lee’s submission that once biometric information is digitized, it may be very difficult to contain its use by third parties, including for commercial purposes,” case documents state.
The landmark case brings into question who actually owns your biometric data
Lee’s case is the first of its kind in Australia. And while it it did not change the laws regarding ownership over biometric data, it does raise important questions over personal privacy.
Cases involving biometric data collection have become more frequent in recent years. In January, the Illinois Supreme Court ruled in favor of the family of a teenager whose fingerprint was collected at a Six Flags-affiliated theme park when he visited in 2014. The family argued that neither they nor their son were informed of why the fingerprint was collected or where it was stored, which violated the state’s Biometric Information Privacy Act.
In an interview with Australian public broadcaster ABC Radio National on Tuesday, Lee expressed pride in the outcome of the ruling.
“I was insisting that my biometric data is mine,” he told Radio National. “My objection was that I own it. You cannot take it. If someone wants to get it or take it they have to get my consent.”
Lee said in his appeal that he would not object to the use of drug or alcohol testing at work, but argued that collection of data relating to his physical or physiological characteristics could be used in malicious ways.
“If someone else has control of my biometric data they can use it for their own purposes — purposes that benefit them, not me. That is a misuse,” he told the Radio National.
According to cybersecurity firm Norton, biometrics are used to “measure a person’s physical characteristics to verify their identity,” which can include their unique fingerprints, facial recognition, voice, or behavioral characteristics. While the data is used in everyday tools like authenticating someone’s identity on a smartphone, it can also be collected by medical examiners, police and even companies that have access to a person’s signature when they use a credit card.
Norton points out that the increasingly commonplace collection of biometric data raises some serious privacy concerns.
For one, the collection of sensitive data is a particularly attractive target for hackers, and the more widely available that biometric data is, the more likely it is that malicious actors will try and target that information.
Additionally, Norton says biometric data can be more vulnerable than other forms of data due to the permanent nature of the information. For example, Norton points out that while you can change your password, you cannot change your fingerprint or iris scan. And fingerprints left on commonplace items like drinking glasses can be easily duplicated by criminals.
While new technology has brought heightened awareness to the collection of biometric data, laws governing its collection, sharing, and storage are still a work in progress, as Lee’s case shows.