Serco Leisure ordered to stop using facial recognition tech on workers

The Information Commissioner’s Office found that Serco Leisure unlawfully process biometric data for more than 2,000 employees.

Henry Saker-Clark
Friday 23 February 2024 11:41 GMT
A general view of a Serco van (Ian Nicholson/PA)
A general view of a Serco van (Ian Nicholson/PA) (PA Archive)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

The UK privacy and data protection watchdog has ordered Serco Leisure to stop using facial recognition technology to monitor the attendance of leisure centre employees.

The Information Commissioner’s Office (ICO) found that Serco Leisure and community leisure trusts were unlawfully processing the biometric data of more than 2,000 employees at 38 leisure facilities across the UK.

It said facial recognition and fingerprint scanning were used to monitor workers’ attendance and then the subsequent payment for their time.

The leisure centre operator failed to show why these methods were needed rather than “less intrusive” means, such as ID cards or fobs for staff, the ICO said.

The ICO also said employees were also not offered a clear alternative to having their faces and fingerprints scanned.

John Edwards, the UK Information Commissioner, said: “Biometric data is wholly unique to a person so the risks of harm in the event of inaccuracies or a security breach are much greater – you can’t reset someone’s face or fingerprint like you can reset a password.

“Serco Leisure did not fully consider the risks before introducing biometric technology to monitor staff attendance, prioritising business interests over its employees’ privacy.

“There is no clear way for staff to opt out of the system, increasing the power imbalance in the workplace and putting people in a position where they feel like they have to hand over their biometric data to work there.

“This is neither fair nor proportionate under data protection law and, as the UK regulator, we will closely scrutinise organisations and act decisively if we believe biometric data is being used unlawfully.”

A Serco Leisure spokesman said: “This technology was introduced at the leisure centres we manage nearly five years ago to make clocking-in and out easier and simpler for colleagues.

“We engaged with our team members in advance of its rollout and its introduction was well-received by colleagues.

“The introduction also followed external legal advice which said use of the technology was permitted.

“Despite being aware of Serco Leisure’s use of this technology for some years, the ICO have only this week issued an enforcement notice and requested that we take action.

“We now understand this coincides with the publication of new guidance for organisations on processing of biometric data which we anticipate will provide greater clarity in this area.

“We take this matter seriously and confirm we will fully comply with the enforcement notice.”

Serco Leisure is a subsidiary of Serco Group.

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in