As we explain in our post Presence Control (1), the recording of working hours continues to be an obligation for Spanish companies. But in 2024 it is prohibited to keep track of working hours through biometric means.
The Spanish Data Protection Agency has published a new guide on presence control treatments using biometric systems (fingerprint, image, palm, etc.). With the publication of this guide, the Agency changes the criteria it had regarding the use of these devices, both for recording work hours and for access control in the work and non-work environment.
Based on these new criteria, the fingerprint option or any other type of biometric data must be disabled and the said day or access registration system must be changed to mechanisms based on PIN / CARD / KEY FOB or similar.
In addition, the minutiae/logs/patterns associated with the fingerprint, palm, face, etc., must be erased from any database.
The application of this regulation is immediate and non-compliance is already costing the offending companies a few thousand euros in economic sanctions.