Court case Case No. 5888-20 – Court Ruling (Sweden, 2021)

The Swedish DPA carried out an investigation of the Upper Secondary School Board in Skellefteåmunicipality and its pilot project at a high school that used facial recognition to record student attendance. The cameras installed with this technology use biometric personal data to uniquely identify natural persons. Such biometric personal data qualifies as particularly sensitive personal data (under Article 9 GDPR) concerning children. According to Article 9(1), the processing of such data shall be prohibited. The prohibition does not apply if the data subject consents to the processing of personal data for a specific purpose (Article 9 (2). For a consent to be valid, it must have been given voluntarily. Following an initial decision by the Swedish DPA, holding that the Board had violated the GDPR, the Upper Secondary School Board contended that students and their guardians provided valid consent to use of the facial recognition technology and appealed to the Court of Appeal. Following the appeal, the Court of Appeal in Stockholm upheld the decision of the Swedish DPA. The Upper Secondary School Board appealed the decision to the administrative court but the administrative court dismissed the appeal, finally rendering the decision of the Swedish DPA final. The Swedish DPA (IMY) held that the use of facial recognition technology to register student attendance is in violation with Articles 5, 9, 35 and 36 GDPR. It explained that students cannot provide meaningful consent to such data processing because of their dependence on school services. While there is a legal basis for administering the attendance of students at school, there is no legal basis to perform the task through the processing of sensitive data. The technology amounts to an intrusion of student integrity and is thus disproportionate to the task of measuring attendance. Furthermore, the DPA considered that the risk assessment reported by the Upper Secondary School Board did not meet the requirements o