Spain: Adopted Guidance on presence control using biometric systems

On 23 November 2023, the Spanish Data Protection Agency (AEPD) published the Guidance to presence control treatments using biometric systems in compliance with the General Data Protection Regulation (GDPR). The Guidance aims to establish a legal, technical, and ethical framework for the monitoring of attendance and time, both for work and non-work purposes. The fundamental principles of monitoring include the protection, privacy, and security of data subjects. In particular, the need for employee consent, transparency in the use and processing of data, limitation to specified purposes, security measures to protect data, and compliance with the principles of proportionality and necessity. Employers must also be accountable for compliance with these regulations and respect the rights of employees to access, correct, and delete their data.