Abogado Colaborador, Juan Carlos Hernández
La Agencia Española de Protección de Datos (AEPD), a través de su nueva resolución, ha impuesto sanciones de multa de hasta 365.000 euros por el uso de datos biométricos con fines de registro de la jornada laboral, alegando y justificándose para ello en la vulneración de los artículos 32 (referente a la falta de adopción de medidas de seguridad adecuadas), 35 (insuficiente evaluación de Impacto en materia de protección de datos) y 13 (relativo al incumplimiento del necesario deber de información) del Reglamento de la UE 579/2016, General de Protección de Datos (RGPD).
Al respecto destacar que se trata de la primera resolución que se dicta por parte de la AEPD tras la publicación en noviembre de 2023 de la “Guía sobre tratamientos de control de presencia mediante sistemas biométricos”.
Pues bien, parece ser que el único criterio interpretativo que la AEPD ratifica respecto a la Guía es que los sistemas de autenticación e identificación deben constituir de forma necesaria e imprescindible un tratamiento de categorías especiales de datos personales.
Por lo demás, y analizando detenidamente la resolución, lo único cierto es que, lejos de confirmar los criterios interpretativos manifestados en la referida Guía de tratamiento de control mediante sistemas biométricos, la AEPD ni siquiera ha entrado esta vez a valorar si la base legitimadora es o no adecuada a la finalidad pretendida, ni tampoco arroja luz alguna sobre si el tratamiento en cuestión podría ser o no viable en los términos expresados por la propia empresa. En este sentido, resulta muy llamativo que la AEPD haya decidido no analizar una de las principales cuestiones suscitadas tras la publicación de la Guía, esto es, la legitimidad o no en el tratamiento de datos biométricos, y opte en su lugar por sancionar con base a otras cuestiones, como puede ser la inexistente aplicación de medidas de seguridad, así como la validez de la evaluación de impacto realizada o la ausencia del obligatorio deber de información.
En definitiva, la nueva resolución de la Agencia Española de Protección de Datos viene a analizar los posibles riesgos derivados del uso de sistemas que utilicen datos biométricos en el entorno laboral, incluyendo tanto la importancia de acreditar la adopción de medidas de seguridad adecuadas (art. 32 RGPD) de informar adecuadamente a los trabajadores (art. 13 RGPD), así como la obligación de llevar a cabo una Evaluación de Impacto (artículo 35 RGPD, pues en este caso nos encontramos ante un tratamiento que implica un alto riesgo para los derechos y libertades de los interesados).
De esta forma, en caso de que la empresa en cuestión finalmente decida y opte por aplicar este tipo de sistemas de control de la jornada laboral mediante el uso de datos biométricos, será también necesario tener presente en todo momento cuáles son los riesgos inherentes para los derechos y libertades de los interesados, elaborando el correspondiente plan de Evaluación de impacto. Ello sin perjuicio de la obligación que tiene la empresa, en calidad de responsable del tratamiento, de adoptar las medidas de seguridad que resulten adecuadas al efecto.
//////////
Este artículo es informativo y no constituye un asesoramiento personalizado para usted.
Si usted desea resolver una consulta relacionada con esta temática o cualquier otra, puede contactarnos a través de este formulario
Cookie | Duración | Descripción |
---|---|---|
__stidv | 1 year | This cookie is used by ShareThis. This cookie is used for sharing the content from the website to social networks. |
lang | This cookie is used to store the language preferences of a user to serve up content in that stored language the next time user visit the website. | |
mc_session_ids[default] | 5 minutes | This cookie is set by the provider ReCaptcha. This is used by the Captcha plugin for the website forms. |
mc_session_ids[multi][0] | 5 minutes | This cookie is set by the provider ReCaptcha. This is used by the Captcha plugin for the website forms. |
mc_session_ids[multi][1] | 5 minutes | This cookie is set by the provider ReCaptcha. This is used by the Captcha plugin for the website forms. |
mc_session_ids[multi][2] | 5 minutes | This cookie is set by the provider ReCaptcha. This is used by the Captcha plugin for the website forms. |
mc_session_ids[multi][3] | 5 minutes | This cookie is set by the provider ReCaptcha. This is used by the Captcha plugin for the website forms. |
mc_session_ids[multi][4] | 5 minutes | This cookie is set by the provider ReCaptcha. This is used by the Captcha plugin for the website forms. |
Cookie | Duración | Descripción |
---|---|---|
_gat | 1 minute | This cookies is installed by Google Universal Analytics to throttle the request rate to limit the colllection of data on high traffic sites. |
YSC | session | This cookies is set by Youtube and is used to track the views of embedded videos. |
Cookie | Duración | Descripción |
---|---|---|
__stid | 1 year | The cookie is set by ShareThis. The cookie is used for site analytics to determine the pages visited, the amount of time spent, etc. |
_ga | 2 years | This cookie is installed by Google Analytics. The cookie is used to calculate visitor, session, campaign data and keep track of site usage for the site's analytics report. The cookies store information anonymously and assign a randomly generated number to identify unique visitors. |
_gid | 1 day | This cookie is installed by Google Analytics. The cookie is used to store information of how visitors use a website and helps in creating an analytics report of how the wbsite is doing. The data collected including the number visitors, the source where they have come from, and the pages viisted in an anonymous form. |
pxcelPage_c010 | 7 days | The domain of this cookie is owned by Sharethis. This is a analytical cookie used to provide unique identifier to the computer for traffic analysis to ShareThis. It helps in enabling sharing function on the website. |
Cookie | Duración | Descripción |
---|---|---|
_cc_aud | 8 months 26 days | The cookie is set by crwdcntrl.net. The purpose of the cookie is to collect statistical information in an anonymous form about the visitors of the website. The data collected include number of visits, average time spent on the website, and the what pages have been loaded. These data are then used to segment audiences based on the geographical location, demographic, and user interest provide relevant content and for advertisers for targeted advertising. |
_cc_cc | 8 months 26 days | The cookie is set by crwdcntrl.net. The purpose of the cookie is to collect statistical information in an anonymous form about the visitors of the website. The data collected include number of visits, average time spent on the website, and the what pages have been loaded. These data are then used to segment audiences based on the geographical location, demographic, and user interest provide relevant content and for advertisers for targeted advertising. |
_cc_dc | 8 months 26 days | The cookie is set by crwdcntrl.net. The purpose of the cookie is to collect statistical information in an anonymous form about the visitors of the website. The data collected include number of visits, average time spent on the website, and the what pages have been loaded. These data are then used to segment audiences based on the geographical location, demographic, and user interest provide relevant content and for advertisers for targeted advertising. |
_cc_id | 8 months 26 days | The cookie is set by crwdcntrl.net. The purpose of the cookie is to collect statistical information in an anonymous form about the visitors of the website. The data collected include number of visits, average time spent on the website, and the what pages have been loaded. These data are then used to segment audiences based on the geographical location, demographic, and user interest provide relevant content and for advertisers for targeted advertising. |
EE | 4 months | This cookie is set by exelator.com. The cookies is used to store information about users' visit to the website. The data includes the number of visits, average time spent on the website, and the pages that have been loaded. This information is used to provide the users customized and targeted ads. |
IDE | 1 year 24 days | Used by Google DoubleClick and stores information about how the user uses the website and any other advertisement before visiting the website. This is used to present users with ads that are relevant to them according to the user profile. |
pi | 1 year | This is a targeting cookie, which is used for advertising.This cookie show the relevant adverts based on the visitors profile created by the cookie. |
pxrc | 2 months | The purpose of the cookie is to identify a visitor to serve relevant advertisement. |
rlas3 | 1 year | The cookie is set by rlcdn.com. The cookie is used to serve relevant ads to the visitor as well as limit the time the visitor sees an and also measure the effectiveness of the campaign. |
test_cookie | 15 minutes | This cookie is set by doubleclick.net. The purpose of the cookie is to determine if the user's browser supports cookies. |
ud | 4 months | This cookie is set by exelator.com. The cookies is used to store information about users' visit to the website. The data includes the number of visits, average time spent on the website, and the pages that have been loaded. This information is used to provide the users customized and targeted ads. |
uuid2 | 3 months | This cookies is set by AppNexus. The cookies stores information that helps in distinguishing between devices and browsers. This information us used to select advertisements served by the platform and assess the performance of the advertisement and attribute payment for those advertisements. |
VISITOR_INFO1_LIVE | 5 months 27 days | This cookie is set by Youtube. Used to track the information of the embedded YouTube videos on a website. |
Cookie | Duración | Descripción |
---|---|---|
collect_chat_launcher_load | 1 month | No description |
collect_chat_page_load | 1 month | No description |
CONSENT | 16 years 10 months 10 days 13 hours 14 minutes | No description |
cookielawinfo-checkbox-functional | 1 year | The cookie is set by GDPR cookie consent to record the user consent for the cookies in the category "Functional". |
cookielawinfo-checkbox-others | 1 year | No description |
fpestid | 1 year | No description |
st_samesite | session | No description |
zc | No description |