Biometric Fingerprinting and Unfair Dismissal

Safety v privacy: In a landmark decision, the Fair Work Commission (FWC) Full Bench has held that an employee was unfairly dismissed for refusing to use biometric scanners to sign in at work.

Background

For a period of three and a half years, the employee was employed as a casual General Hand for the Company at its two Queensland sites. During most of this time, a paper system was used whereby employees would sign in and sign out as they entered and departed the sites. In October 2017, the Company announced that it was introducing biometric scanners, consistent with activities across the broader corporate group.

The Company had a Site Attendance Policy (SAP) which required the biometric system to be used. It required each employee to provide their fingerprint so that they could be recognised when scanning in and out of the site. The system was intended to improve payroll systems, and also provide a more reliable and real time record of who was on site. When a safety incident occurred, supervisors would be able to check who was on site via their phone, without having to run to the office for the paper sign in/sign out sheets.

From the outset, the employee refused to provide his fingerprint. He was the only employee who refused. Between November 2017 and February 2018 a number of meetings were held to discuss his concerns but he maintained his refusal to use the scanners and instead proposed that he continue to use an alternative method such as the paper sign in/sign out system. The employee was issued with three warnings about his failure to use the system and was warned it may result in the termination of his employment. The Company considered it impractical to exempt one employee from an improved safety measure, and conduct a manual payroll system for that one employee.

The employee was told that if he did not comply with the SAP, dismissal was a likely outcome. The employee did not comply with the SAP when he maintained his refusal to use the biometric scanners. Dismissal occurred on 12 February 2018 and he filed an unfair dismissal claim.

Initial decision

The employee initially lost his case before a single commissioner in the Fair Work Commission as the Commissioner concluded that:

• the SAP was not unjust or unreasonable;
• the Company was subject to the Australian Privacy Principles (APPs);
• biometric data arising from a fingerprint was sensitive information under the Privacy Act;
• the Company must not collect sensitive information about an individual unless that individual consents and the information is reasonably necessary for one or more of the entity’s functions or activities;
• the introduction of biometric scanners was ‘reasonably necessary’;
• the other employees had given implied consent to the collection of their sensitive information by registering their fingerprint;
•  the Company did not have a Privacy Policy in place and had not provided a ‘collection notice’ which stated how it would keep the sensitive information safe;
• the failure to provide the collection notice did not render the SAP unlawful, but it may have been a breach of the Privacy Act;
• as the employee failed to meet a reasonable request to follow a fair and reasonable workplace policy, there was a valid reason for dismissal.

Permission to Appeal

The employee applied for permission to appeal the FWC’s decision. Permission must not be granted unless it is in the public interest to do so.

The Full Bench held that it was in the public interest to allow an appeal so that the following might be considered:

• whether the request to comply with the employer’s SAP was lawful and/or reasonable in all the circumstances of the case, and in the context of the employee’s refusal to provide consent to the disclosure of his personal biometric data;
• whether the Commissioner’s findings as to the application of the Privacy Act were relevant, and/or appropriately balanced with the exercise of the Commissioner’s discretion under Part 3-2 of the Act – Unfair Dismissal;
• to the extent the Privacy Act was relevant, whether the exemption in s.7B in respect to an ’employee record held by the organisation and relating to the individual’ included the process by which the employee record was obtained or created;
• whether an employee’s refusal to provide consent to the collection of sensitive ‘information about an individual’ in APP 3.3 was a breach of the employer’s SAP; and
• whether the ‘consent’ required by APP 3.3 included ‘implied consent’, in circumstances where the employees have registered their fingerprint algorithm to be used by the scanners without first having been notified as required under the Privacy Act.

Further, the Full Bench stated it considered it was in the public interest to allow the appeal given that this would be the first time a Full Bench would consider the question of whether failure to provide biometric data for registering employee presence at a workplace, constituted a valid reason for dismissal, and it was satisfied that the appeal raised ‘important, novel and emerging issues’.

Appeal decision

The Full Bench held the employee’s refusal to comply with the SAP was not a valid reason for termination. It said:

• the Policy was not a term of his employment contract;
• the APP applied to the Company in connection with the solicitation and collection of sensitive information from employees, up to the point of collection;
• once collected, the ‘employee records’ exemption within the Privacy Act was enlivened, but until collection occurred the exemption did not apply and the company was required to comply with the APP’s;
• there was no evidence that any of the entities that had access to the biometric data had any mechanism in place to protect that data;
• the Company failed to provide a collection notice in accordance with Principle 5 of the APPs;
• as the employee was directed to submit to the collection of his fingerprint data in circumstances where he did not consent to that collection, this was a breach of Principle 3 of the APPs (which also relates to ‘soliciting’) and was not a lawful direction;
• any consent the employee might have given once he was told that he faced discipline or dismissal if he didn’t submit to collection would not have been genuine consent;
• given the direction to submit to the collection was not lawful, it was also not reasonable;
• the Company was procedurally fair in effecting a dismissal for a reason that was not valid. The dismissal was unjust because he was not guilty of the conduct alleged. As the direction was not lawful, he was entitled to refuse to follow it.

What you need to know

This decision demonstrates that:

1. Employers must not assume that the employee records exemption in the Privacy Act, applies to all matters to do with employment;
2. Dismissal for failure to follow a lawful and reasonable direction will only constitute a valid reason where that direction is in fact lawful. If it is not lawful, it will not be reasonable;
3. Introduction of biometric systems in the workplace may be complex, and genuine employee consent will be necessary.

Jeremy Lee v Superior Wood [2019] FWCFB 2946

If you would like advice or assistance with any of the above issues, please contact Simone Caylock or Nicholas Kelly of our Transport & Logisitcs Industy Group.

©2019 Rigby Cooke Lawyers

Disclaimer: This publication contains comments of a general nature only and is provided as an information service. It is not intended to be relied upon as, nor is it a substitute for specific professional advice. No responsibility can be accepted by Rigby Cooke Lawyers or the authors for loss occasioned to any person doing anything as a result of any material in this publication. 

Liability limited by a scheme approved under Professional Standards Legislation.