Employees’ reflections on workplace biometric data usage: an in-depth analysis

13 minutes to read

Article

Leonie Milder

28/08/2024

In 2020 the Dutch Data Protection Authority (AP) imposed a record fine of €725.000 on a company that required employees to have their fingerprints scanned when clocking in and out, without any necessary reason. After getting tipped off, the AP discovered that since the introduction of the General Data Protection Regulation (GDPR), which came into effect in May 2018, over 1300 fingerprints were stored, including fingerprints from employees who had since left the company.

Under the GDPR, fingerprints and other biometric data are a special category of data, where stricter requirements apply to the storage process. The Dutch implementation act called AVG furthermore states that biometric data may be used for identification purposes, as long as it is considered to be necessary (for example, in terms of safety) and explicitly consented to. The news spread like wildfire and led to a lot of organizations and companies waiving the use of biometric data, in fear of getting a hefty fine themselves.

In the ever-evolving landscape of (digital) and modern workplaces, technology has become an indispensable tool to both employers and employees, with efficiency and tracking at its core. Among these tech advancements, the use of biometric data, in our case, fingerprints to clock in and out of work, has been a subject of both convenience and controversy. It has heavily shifted the relationship between employees, their employers and their data. Beyond the practicality of biometric data, its usage has implications for the individual’s privacy, security and autonomy.

This paper aims to answer the research question “How has the implementation of biometric data for time tracking purposes in the workplace impacted employees’ experiences, concerns and perceptions in the Netherlands?”

The paper furthermore aims to delve into the multifaceted world of biometric data usage in the workplace, focusing on the reflections of Dutch employees who have directly experienced this digital transformation and the reversal of it. To better understand the implications that biometric data usage has on the work environment, a series of semi-structured interviews with employees who had encountered this technological innovation at their workplace was conducted. The aim of this was to research their experiences, perceptions and attitudes towards the controversial use of biometric data, contributing to the academic discourse on technology’s evolving role in contemporary employment practices.

Theoretical Framework: Navigating the Dynamics of Surveillance

Surveillance as a multifaceted phenomenon is a critical subject within our contemporary society and is marked by a series of evolving concepts and practices. This theoretical framework explores the complexity of surveillance, drawing on various key concepts to understand its theoretical base, and how these concepts intertwine within the broader context of surveillance.

Strategic and Automated Surveillance

Strategic surveillance, as a foundational concept, has its roots in historical practices of monitoring and control. It is the process of gathering information, tracking individuals, and collecting data for strategic purposes; surveilling with a clear reason. Organizations, institutions, and governments employ this form of surveillance to achieve specific goals, often relating to security, efficiency, or control (Foucault, 1977). The concept of strategic surveillance establishes a foundational understanding of surveillance dynamics but emphasises the power structures and intentions behind data collection.

The rise of digital technology has ushered in a new era of surveillance, characterized by the low costs of digital surveillance. This automated surveillance (Andrejevic, 2019), encompassing data collection, monitoring, and analysis, has proliferated in the digital landscape. It operates within the realm of cyberspace, different from its traditional counterpart (Lyon, 2007). Digital surveillance is distinguished by the uninterrupted and endless production of data, its nonlinear nature, and its reliance on algorithms. This mode of surveillance introduces unprecedented challenges and compelling ethical deliberations concerning privacy and control.

Co-Veillance

In the modern era, individuals have evolved from being passive subjects of surveillance to becoming proactive participants in a phenomenon oftentimes referred to as "co-veillance" by Albrechtslund (2008). Co-veillance is characterized by the voluntary sharing of personal information on social media platforms, contributing to the collective monitoring of society. Here the word “voluntary” can be seen as questionable, because oftentimes, individuals are not aware of the amount or depth in which they share their data online. So while individuals willingly engage in co-veillance, this practice raises significant questions concerning the blurring line between one’s public and private life, the dynamics of informed consent and the potential risks or consequences of giving out personal information to third parties, even 'trustworthy’ institutions.

Co-veillance thus represents a paradigm shift in the way individuals interact with surveillance, as they willingly contribute to the pool of information that can be accessed and analyzed by various stakeholders, which can in turn be used for profiling. This transformation highlights the importance of informed decision-making and an awareness of the implications of sharing personal data within the digital landscape.

The Panopticon and Society of Control

The panopticon, a concept first introduced by Jeremy Bentham (1791) and elaborated upon by Michel Foucault, represents a now iconic example of the power dynamics inherent in surveillance (Foucault, 1977). The design of the panopticon, with a central watchtower overseeing inmates in a circular prison, aimed to create a sense of constant surveillance, where individuals modified their behaviour due to the fear of being watched (Bentham, 1995). This entailed that the power, which was previously external, is now internalized by the inmate. This concept reflects a society where people feel like control is all around them, observing, resulting in them acting in a way that aligns with the law.

The society of control, proposed by Gilles Deleuze, captures the subtle yet continuous nature of contemporary surveillance (Deleuze, 1992). In this model, surveillance is described to be not only characterized by observation; it operates behind the scenes, shaping behaviours through data analysis and predictive algorithms: dataveillance. The society of control introduces a perspective where surveillance adapts and evolves to mould the masses into a society where everyone watches everyone.

Biopower and Biometric Surveillance

Biopower, another concept introduced by Michel Foucault, focuses on the mechanisms of control and regulation that extend to both the biological and social characteristics of a certain population (Foucault, 1978). Foucault underlines the subtle ways in which institutions and governments seek to influence and manage individuals within a society, shaping not only their physical well-being but also their behaviours and identities as a political strategy. This reflects a shift in the perception of power, from power over death to power over life. The purpose of biopower is for institutions and governments to present people with options, creating the illusion of free will, while ultimately controlling what we do, what we want to do, and what we can do.

Biometric surveillance, in turn, emerges as a clear example of biopower in the digital age. This form of surveillance exploits advanced technology to precisely monitor and record unique physical and biological attributes, for example, fingerprints and facial features (Woodward, 2014). This fusion of biopower in combination with new cutting-edge technology introduces a large number of considerations, including data and privacy protection, individual rights, and the potential for misuse or abuse.

Biopower, biometric surveillance, and co-veillance directly reflect the relationship between technology and surveillance, the regulation of individuals' biometric data and the role of individuals in shaping contemporary surveillance practices. In turn, the GDPR (as a legal framework) emphasizes the importance of data protection and individual rights in the context of digital surveillance. The relationship between these concepts underlines the multifaceted and complex nature of surveillance and is a key element to understanding its theoretical foundations, ethical considerations and practical implications in our ever-evolving digital landscape.

Empirical Research

To understand how employees reflect upon the time when various workplaces used fingerprints to clock in and out, semi-structured interviews with employees of workplaces as such are essential. The sample was achieved by approaching a local supermarket in the south of the Netherlands, which existed both before and after the GDPR and AVG. The interviews consisted of 6 individuals, from both genders and ages, varying between 14 and 54. Interestingly, the vast majority of the participants were both employed during the time fingerprint clocking systems were used and after the implementation of strict data regulations, like the GDPR and AVG. For anonymity reasons, both the company and the participants are not revealed. Part of this is because the management of the said company had doubts about allowing participation in the first place.

To try and make a comparison between how employees felt when their fingerprints were actively used and now looking back at it, I opted for three predetermined open questions, then asked multiple follow-up questions, depending on the answers given. The main questions were as follows:

How were you informed about the implementation of biometric data for timekeeping purposes, and did you have any concerns or questions at the time?
How do you think the use of biometric data for time tracking influenced your work routine and overall job satisfaction?
From your perspective now, what could the company/managers have done differently in handling your personal data and the process surrounding it?

Based on the interviews, I could place the individuals into three categories, as previously identified by Westin (1991). The first is characterized by a nonchalant or careless attitude surrounding the biometric data use.

The second category is more positive and includes an individual who described the usage of biometric data to be handy and easy and the last category includes people who explicitly negatively describe their experiences and views on the use of biometric data in the workplace.

By analyzing three sets of data, one from each previously mentioned category, we can take a closer and deeper look into the different stances employees had on the use of biometric data in a workplace where it is not essential. Both excerpts from the interviews and arguments made in the media will be used in connection to biometric data and surveillance, employee productivity, performance

Employee Perspectives on Biometric Time Tracking: Reactions and Implications

Out of the 6 participants, 3 answered in a manner that reflected a seemingly nonchalant or careless attitude. In their answers, the participants talked about the use of biometric data to clock in and out of both work and their breaks during the day like it was normal, and the fact that now it is not allowed anymore is the same: normal.

In terms of the information provided by the company management about the implementation of biometric data use, one participant was assured that the fingerprints were kept safe, the others were simply under the impression that it was mandatory to work at said company. For two employees, this was even their first job, so they had no real comparison material. The assumption was that it would be okay; otherwise, the practice would have been made a bigger deal. Some ways in which participants altered their work routine because of the biometric data time trackers was to always clock in straight away, even when they were still in their coats and had to get ready in the locker room.

Another example is that when on break, people only clock in once they are settled and have their food prepared (e.g. using a microwave), simple ways to avoid the strict time management that the finger scanner enforced. In retrospect, the employees seem neutral about how management handled their personal data since nothing big happened.

“Using your finger to clock out was just a part of your routine, you did not think about it, nobody did. Even when the scanner did not recognize you as yourself, you joked about it; rough day, new haircut…” (Translated from Dutch)

One participant had a more positive view of the fingerprint clocking station, mentioning how “things” used to be easy. They reasoned that now, there was a keyfob that could get lost or broken. Since a fingerprint is on you at all times, especially since three fingers were scanned into the system, you always had another option, even when you had to bandage a finger (which would happen sometimes at her department in the meats section), it was simply easier.

The participant also mentioned how in the years before and after the biometric scans were used, people would clock in for each other. The reasoning for this was that employees get paid per quarter of an hour, meaning that if you clocked in at 07:01, you would not get paid until 07:15. People helped each other out here, which the participant looked down upon, illustrating a kind of co-veillance where employees watch other employees. This also contextualized the answer given to the question about what could be improved by management: getting paid per minute that you are clocked in, to avoid this practice. Lastly, they confirmed that there was no clear story behind the taking of fingerprints and no clear choice-making opportunity to decide whether you wanted to work with this system.

“But especially those youngsters did not follow the rules. They clocked in when they barely had two legs inside the building and always wasted time at the end of the evening because they wanted to leave at exactly:00, :15, :30 or:45. This would not happen before we had the fingerprint system, because management was on top of it. To them [young employees] it was just a computer.” (Translated from Dutch)

The remaining two participants had a less optimistic view of the use of fingerprints and its process. When the fingerprint scanner was first implemented, it felt mandatory to get into the system, as it was the company’s “new system” to use from then on. At the time it felt like an implementation of a new gadget-type of tool, but at the same time, these people had their concerns.

Examples of questions that arose were: Where will my fingerprint be stored? What is this system called? Is it proven to be safe with my data? Plainly, why? All concerns were addressed, but indirectly and vaguely. A key point here is that these concerns were addressed individually, not to the whole group. The overall job satisfaction was described to be declining but overtime stagnated as people forgot what they were concerned about.

Situations that were mentioned in the interviews were that the employees felt micro-managed as every clock in and out was down to the second, and managers would confront people who would clock out mere seconds after getting off work (implying that the employee in question had been waiting for the system to say 5 p.m.) and that it was just annoying to use, especially during breaks.

In the break room, there is only one combination of a microwave and oven, meaning that if you clocked into your break time and someone else’s pizza still had to be in the oven for 12 minutes, you would lose that time for your break, as there was no time to pause or cancel your clock. Except if you went into the break room to check, but that would be against company policy, and people would tell each on other. In this perception, we see clear examples of a society of control, where everyone watches each other, resulting in a shift in behaviour in accordance with company policies. Here, the biometric data is used as a power tool to strategically surveil and keep employees in check.

“I was even called to my department leader’s office, where she told me that every time I was scheduled from 07:00-15:00, I would clock out at 15:00 or 15:01. I did not know what she wanted me to say, I was scheduled until that time. But still, I had to explain myself.” (Translated from Dutch)

Conclusion

The implementation of biometric data for workplace time tracking has spurred various responses among employees, reflecting a complex discussion between convenience and controversy in contemporary employment practices. The theoretical framework, encompassing key surveillance concepts such as strategic surveillance, digital surveillance, co-veillance, the panopticon, the society of control, biopower, and biometric surveillance, provides an essential backdrop to understand the broader context of this research.

Through an in-depth analysis of employees' reflections on biometric data usage in a Dutch company, we uncover important insights and implications. The evolution of surveillance, marked by the transition from strategic to digital surveillance, has drastically transformed the landscape of workplace monitoring. While strategic surveillance was historically employed for specific purposes and targets, digital surveillance operates within the virtual realm, introducing ethical and privacy considerations.

Co-veillance has emerged as a noteworthy trend in which individuals voluntarily share personal information, raising questions about privacy and informed consent all the while surveilling peers. The theoretical concepts of the panopticon and the society of control further illustrate the dynamics of surveillance. The panopticon's principle of constant observation leading to self-regulation echoes in contemporary workplaces now, where employees modify their behaviour under the continuous gaze of surveillance systems like fingerprint scans. The society of control, on the other hand, highlights the subtle yet pervasive nature of modern surveillance, where data analysis and predictive algorithms mould behaviour, creating a society where everyone watches everyone.

The concept of biopower emphasizes the regulation and control of biological and social aspects within a population. Biometric surveillance, as a manifestation of biopower, uses advanced technology to monitor unique physical and biological characteristics. The fusion of these concepts introduces a lot of concerns related to data protection, individual rights, and potential abuse.

The empirical research conducted through semi-structured interviews with employees reveals varying attitudes toward biometric data usage. Participants fall into three categories: those with a nonchalant or careless attitude, those who view it positively, and those with negative experiences. These reflections underscore the nuanced relationship between technology and surveillance, as well as the impact on employee productivity, performance, and privacy. The implementation of biometric data for workplace time tracking has not only the way employees interact with their workplace but also with each other.

In conclusion, the study highlights the intricate interplay between technology, surveillance, and employee experiences in the workplace. The reflections of Dutch employees offer valuable insights into the implications of biometric data usage, contributing to the still ongoing discourse on technology's evolving role in contemporary employment practices, even now after the implementation of GDPR and AVG.