Facial recognition in school renders Sweden's first GDPR fine

Published: 21 August 2019

The Swedish DPA has fined a municipality 200 000 SEK (approximately 20 000 euros) for using facial recognition technology to monitor the attendance of students in school

A school in northern Sweden has conducted a pilot using facial recognition to keep track of students' attendance in school. The test run was conducted in one school class for a limited period of time.

The Swedish DPA concluded that the test violates several articles in GDPR and has imposed a fine on the municipality of approximately 20 000 euros. In Sweden public authorities can receive a maximum fine of 10 million SEK (approximately 1 million euros). This is the first fine issued by the Swedish DPA.

The school has processed sensitive biometric data unlawfully and failed to do an adequate impact assessment including seeking prior consultation with the Swedish DPA.

The school has based the processing on consent but the Swedish DPA considers that consent was not a valid legal basis given the clear imbalance between the data subject and the controller.

Read the Swedish Authority for Privacy Protection's decision – Facial recognition used to monitor the attendance of students (pdf, 390 kB)

Latest update: 16 February 2022

Data protection

About IMY

About IMY

About IMY

About IMY

Search suggestions!

Facial recognition in school renders Sweden's first GDPR fine

More news on this topic

Administrative fine against Klarna after investigation

Administrative fine to the Swedish Customs for deficient routines

Administrative fine against Region Uppsala for breaches in its security

Investigation of 1177-incident finalized

More news on this topic

Administrative fine against Klarna after investigation

Administrative fine to the Swedish Customs for deficient routines

Administrative fine against Region Uppsala for breaches in its security

Investigation of 1177-incident finalized