To print this article, all you need is to be registered or login on Mondaq.com.
A Sydney high school has embraced the ever-expanding
surveillance state, requiring students to scan their
fingerprints if they wish to use the toilet.
Moorebank High School in south-west Sydney has seen fit to
install touch pads at the entrance to their bathrooms –
has time and again been proven to be
misused by those who host, or have or gain access to it.
Those at the school who are supposed to be protecting children
and promoting a healthy and natural environment claim the measure
makes students feel safe to use the toilets, and will keep the
facilities clean and free from graffiti and anti-social behaviour
when there is no teacher supervision.
The controversial and perhaps short-sighted move has sparked
outrage from some parents, who say they weren’t asked for
consent to take their children’s fingerprints, and one mother
has requested that her daughter’s fingerprints be deleted from
The school has stated that the system is not compulsory and
there are other options, begging the questions are to why taxpayer
dollars are being allocated to put it there in the first place.
Contrary to the assertions of some parents, the school
“The parent community was consulted about the new
initiative at Moorebank High School via a community focus group.
The decision to install the mechanism was ratified by this group on
more than one occasion”.
The school proceeds to state, “all parents” were
notified via “school newsletters and the minutes of community
focus group meetings which were emailed to all parents.”
of biometric data
Moorebank High School is not the only school using the
technology – other schools across New South Wales have been
using it for students to mark their attendance for a number of
years and both digital experts and privacy advocates have raised
concerns because biometric data, such as fingerprints, should be
handled with care.
While some of us readily use our fingerprints as access to our
many believe that bringing the technology into schools for
something as necessary as using the bathroom goes a step too
This biometric data relates to our personal physical or
physiological make-up. It is not only unique, it is highly
valuable, and, if we are to hand it over to a company or
organisation then we should be very clear about what data security
protections are in place, including policies and procedures for
access and use, so that the data is not at risk of misuse.
What does the
In New South Wales, to obtain a fingerprint, NSW Police cannot
conduct forensic procedures such as obtain fingerprints without a
person’s informed consent, or a court order.
Issues surrounding biometric data and consent have not been
extensively tested in the courts here in Australia, although there
was a case in th Fair Work Tribunal in 2019 which explored some of
the issues around personal privacy and biometric data.
A Queensland worker was fired from his job after refusing to
give his fingerprint to his employer, who had requested it for a
new security access system for the workplace.
The employee took the case to the Fair Work Tribunal, claiming
he was unfairly dismissed. The case centred as much around the
issue of privacy as it did around the issue of whether it was
appropriate for the employer to access an employee’s biometric
The case went to the FWC twice. In the first ruling, a single
Commissioner determined in favour of the employer, finding that the
fingerprint scanning system was a reasonable policy and that the
sawmill company was permitted to require employees to comply with
it — and to dismiss employees who did not.
However, in an appeal, the employee was successful. While the
Commission made clear that employees have an obligation to
“comply with all lawful and reasonable directions” from
an employer, it also noted that the Privacy
Act states that when an employer wants to collect sensitive
information — such as fingerprints — they must give
sufficient notification and allow for a process of informed
The risk of
biometric data breaches
While the 2019 case doesn’t set any kind of precedents about
biometric data ownership or the myriad of legal issues surrounding
it, it does however, serve as a warning for all of us who are
cavalier about our biometric data to take a more careful approach
to handing it over, particularly in terms of what providing
‘informed consent’ means. Furthermore, we should also
understand how we are able to retrieve this data if we wish to, and
ensure that it is permanently deleted from the database.
In Australia most experts agree that more needs to be done to
strengthen privacy laws in relation to biometric data. This is an
ongoing issue for lawmakers as they aim to keep up with rapid
changes in technology, and the widespread implementation of new
In recent years Facebook and Westfield Shopping Centres have
both come under fire for their use of facial recognition
technology, without properly informing users they are doing so.
For now, the best approach for those using these technologies is
to be informed about who you’re consenting use of your data to
and why, and in particular to understand the consequences of
potential data leaks and make decisions about who we hand our
biometric data to.
Even the biggest corporations and
government agencies are vulnerable to hackers and
data breaches and cyber crime is on the rise. It’s
important to remember that unlike a text password, a fingerprint or
a facial print cannot be changed if it is used to access personal
information and has been compromised.
The content of this article is intended to provide a general
guide to the subject matter. Specialist advice should be sought
about your specific circumstances.