Unknown Organisation – €725,000 Fine (Netherlands, 2020)

€725,000Autoriteit Persoonsgegevens30 April 2020Netherlands
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

A Dutch organization was fined for requiring employees to use fingerprint scans to clock in and out without proper consent. The company couldn't justify the need for this sensitive data. This case emphasizes the need for clear consent when using biometric data.

What happened

The organization required employees to use fingerprint scans for attendance tracking without valid consent.

Who was affected

Employees who were required to provide fingerprint scans to record their attendance.

What the authority found

The authority ruled that the organization violated GDPR by processing biometric data without a valid legal basis, such as consent.

Why this matters

This case highlights the strict rules around using sensitive data like fingerprints. Companies should ensure they have a clear legal basis for processing biometric data, emphasizing the importance of obtaining explicit consent.

GDPR Articles Cited

AI-verified

Art. 5 GDPR
Art. 9 GDPR
View original scraped data
Art. 5 GDPR
Art. 9 GDPR

Original data from scraper before AI verification against source document.

Source verified 5 March 2026
articles corrected
date discrepancy
Netherlands enforcementAutoriteit Persoonsgegevens actionsAll Unknown Organisation actions
Full Legal Summary
Detailed

The organisation had required its staff to have their fingerprints scanned to record attendance. However, as the decision of the data protection authority stated, the organisation could not rely on exceptions to the processing of this special category of personal data and the company could also not provide any evidence that the employees had given their consent to this data processing.

Related Enforcement Actions (0)

No other enforcement actions found for Unknown Organisation in NL

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

30 April 2020

Authority

Autoriteit Persoonsgegevens

Fine Amount

€725,000

Enforcement Tracker ID

ETid-274

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Unknown Organisation - Netherlands (2020). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: