Manfield Schoenen B.V. – Court Ruling (Netherlands, 2019)

Mansfield introduced an obligatory employee fingerprint scanner on cash registers in its stores. One of the employees objected to the use of this technology based on [Article 9 GDPR] and Article 29 of the Dutch GDPR Implementation Act (“UAVG”). The store employee did not agree that the processing of the fingerprint was necessary for the authentication and security purposes. The parties asked the Court to clarify whether the use of fingerprint scanner in this case violated the right to privacy of the store sales assistant. The judge found that a fingerprint constituted indeed personal data (same authorisation system was also used for time registration purposes, which means there was a clear link between the fingerprint and a person) and that Manfield was not allowed to process fingerprints to enhance its security and fraud prevention measures. It also found that Article 29 of the Dutch GDPR Implementation Act was not applicable in this case because Manfield could not demonstrate necessity and proportionality of this processing.