In a landmark decision, the Fair Work Commission Full Bench (FWCFB) has held that a worker was unfairly dismissed for refusing to use sign-in fingerprint scanners at work. In upholding the workers' appeal, the FWCFB found that the direction to use the scanner, while important for safety and more efficient, was unlawful as it did not comply with the Privacy Act 1988 (Cth) (Privacy Act). The case of Jeremy Lee v Superior Wood Pty Ltd [2019] FWCFB 2946 is important for all employers looking to introduce data collection technology in the workplace, and how any refusal to participate in that process should be managed.

What happened?

The employee was employed by a timber manufacturing company as a casual general hand. In 2017 fingerprint scanners were introduced for employees to use when signing in and out of shifts. The employee refused to register his fingerprints and expressed his concern about the control of his biometric data and the inability of the employer to guarantee no third party access to the data. He was assured by the scanner's supplier that the collected data would only be used for linking payroll numbers to a clock in/out time. However, the employee continued to resist use of the scanners and, after being issued a verbal and subsequent written warnings, was dismissed from his employment.

The legal issues

The employee initially lost his case before a single commissioner in the Fair Work Commission because he failed to prove his dismissal was harsh, unjust or unreasonable. This was because his conscientious objection to the biometric data being used by the employer was not characterised as a lack of consent. Rather his objection was seen as unreasonable considering one of the stated purposes of the Site Attendance Policy was to ensure worker safety in an emergency situation and to improve payroll efficiencies and integrity in verifying when workers clocked on and off. In addition, the worker had been repeatedly warned that his failure to use the biometric scanner would result in his dismissal.

On appeal, the employee raised nine grounds of appeal, mainly centred on arguments that the scanner system was a potential breach of the Privacy Act and that it was not reasonably necessary for the system to be installed. The employee argued this position rendered the reason for the dismissal (for refusing to comply with the direction in the employer's Attendance Policy to use the system to sign in and out of work) invalid. The employee also argued that there had been a mistake of fact in finding that the scanners improved safety at the workplace.

To determine the appeal, the Full Bench considered whether the employer's direction was reasonable and lawful, taking into account the Australian Privacy Principles (Principles) scheduled to the Privacy Act. The Principles provide for 'open and transparent management of personal information' and prohibit the collection of sensitive information unless it is reasonably necessary for the entity's function or activities and the individual consents to the collection.

Legal findings

In upholding the worker's appeal, the FWCFB held that the worker's failure to comply with the employer's directions was not a valid reason for dismissal. It held the employers' direction was unlawful and thus did not find it necessary to consider whether it was reasonable. Factors taken into account included that the employer did not have a privacy policy, did not issue a privacy collection notice and did not inform employees of the other entities that would have access to the sensitive information, thereby breaching transparency requirements outlined in the Privacy Act and Principles. Further, any consent obtained from the employee would have been vitiated by the threat of dismissal. As the Full Bench stated, 'a necessary counterpart to a right to consent is a right to refuse it'. The Full Bench also dismissed the employer's attempt to rely on the 'employee records' exemption under the Privacy Act to absolve itself of responsibility because the exemption applies only to sensitive information that has been created or is within the employer's custody or control. In this case, the employer was only at the stage of soliciting the sensitive information, it had not in fact collected the information. As such, the employer could not yet rely on the employee records exemption to escape the reach of the Privacy Principles and the direction to the employee to submit to the collection of his finger print data, without his consent, was not a lawful direction.

However, the FWCFB did maintain the finding that scanners could improve safety at the workplace by providing an accurate record of attendance on site. This is an interesting finding where the FWCFB also acknowledged the potential risks of collecting and retaining that information, reflecting the conflict between workplace safety and privacy concerns.

Employment law lessons

This decision is an important reminder for employers to ensure that data collection in the workplace, even if it could improve safety and efficiencies, is only used if necessary and is carried out in compliance with the relevant privacy legislation. With new and emerging technology being utilised in workplaces, employers must take care to have regard to privacy concerns and employee consent, especially before making any dismissal decisions based on a refusal of an employee to submit to the technology.

In terms of privacy law issues, it will be interesting to see if the privacy regulator takes any action with the employer. Stay tuned for our upcoming article which will examine the privacy law aspects of this decision in more detail.

This publication does not deal with every important topic or change in law and is not intended to be relied upon as a substitute for legal or other advice that may be relevant to the reader's specific circumstances. If you have found this publication of interest and would like to know more or wish to obtain legal advice relevant to your circumstances please contact one of the named individuals listed.