Biometrics at Workplace

I’ve recently come across companies that mandate biometrics like fingerprint, facial recognition and retina scans while onboarding new employees and/or while upgrading internal staff requirements.

There are instances where a few state owned banks are also mandating use of biometric attendance systems.

The problem is that initial onboarding and hiring is often outsourced to private HR companies and i’m not sure how the biometric data is handled by them and so on.

1. Can I as an employee deny/revoke consent for collection/use of my biometric data?
2. What is the current legal framework around this issue, if any?

Here’s an interesting story on the same.

Hi, Anoop! This has become a serious problem and we published an explainer earlier this year which examined the Personal Data Protection Bill 2019 from the lens of workplace surveillance. To answer your question, since biometrics are classified as sensitive personal data (Rule 3 of IT SPDI Rules and Clause 3(36) of PDP Bill 2019), they cannot be collected without the consent of the employee and alternate methods of verification must be provided by the employer.