A Sydney high school has embraced the ever-expanding surveillance state, requiring students to scan their fingerprints if they wish to use the toilet. 

Moorebank High School in south-west Sydney has seen fit to install touch pads at the entrance to their bathrooms – technology which has time and again been proven to be misused by those who host, or have or gain access to it.

Those at the school who are supposed to be protecting children and promoting a healthy and natural environment claim the measure makes students feel safe to use the toilets, and will keep the facilities clean and free from graffiti and anti-social behaviour when there is no teacher supervision.

Lack of consultation

The controversial and perhaps short-sighted move has sparked outrage from some parents, who say they weren't asked for consent to take their children's fingerprints, and one mother has requested that her daughter's fingerprints be deleted from the system.

The school has stated that the system is not compulsory and there are other options, begging the questions are to why taxpayer dollars are being allocated to put it there in the first place.

Contrary to the assertions of some parents, the school claims:

"The parent community was consulted about the new initiative at Moorebank High School via a community focus group. The decision to install the mechanism was ratified by this group on more than one occasion".

The school proceeds to state, "all parents" were notified via "school newsletters and the minutes of community focus group meetings which were emailed to all parents."

Increasing use of biometric data

Moorebank High School is not the only school using the technology – other schools across New South Wales have been using it for students to mark their attendance for a number of years and both digital experts and privacy advocates have raised concerns because biometric data, such as fingerprints, should be handled with care.

While some of us readily use our fingerprints as access to our smartphones, many believe that bringing the technology into schools for something as necessary as using the bathroom goes a step too far.

This biometric data relates to our personal physical or physiological make-up. It is not only unique, it is highly valuable, and, if we are to hand it over to a company or organisation then we should be very clear about what data security protections are in place, including policies and procedures for access and use, so that the data is not at risk of misuse.

What does the law say?

In New South Wales, to obtain a fingerprint, NSW Police cannot conduct forensic procedures such as obtain fingerprints without a person's informed consent, or a court order.

Issues surrounding biometric data and consent have not been extensively tested in the courts here in Australia, although there was a case in th Fair Work Tribunal in 2019 which explored some of the issues around personal privacy and biometric data.

A Queensland worker was fired from his job after refusing to give his fingerprint to his employer, who had requested it for a new security access system for the workplace. The employee took the case to the Fair Work Tribunal, claiming he was unfairly dismissed. The case centred as much around the issue of privacy as it did around the issue of whether it was appropriate for the employer to access an employee's biometric data.

The case went to the FWC twice. In the first ruling, a single Commissioner determined in favour of the employer, finding that the fingerprint scanning system was a reasonable policy and that the sawmill company was permitted to require employees to comply with it — and to dismiss employees who did not.

However, in an appeal, the employee was successful. While the Commission made clear that employees have an obligation to "comply with all lawful and reasonable directions" from an employer, it also noted that the Privacy Act states that when an employer wants to collect sensitive information — such as fingerprints — they must give sufficient notification and allow for a process of informed consent.

The risk of biometric data breaches

While the 2019 case doesn't set any kind of precedents about biometric data ownership or the myriad of legal issues surrounding it, it does however, serve as a warning for all of us who are cavalier about our biometric data to take a more careful approach to handing it over, particularly in terms of what providing 'informed consent' means. Furthermore, we should also understand how we are able to retrieve this data if we wish to, and ensure that it is permanently deleted from the database.

In Australia most experts agree that more needs to be done to strengthen privacy laws in relation to biometric data. This is an ongoing issue for lawmakers as they aim to keep up with rapid changes in technology, and the widespread implementation of new technologies.

In recent years Facebook and Westfield Shopping Centres have both come under fire for their use of facial recognition technology, without properly informing users they are doing so.

For now, the best approach for those using these technologies is to be informed about who you're consenting use of your data to and why, and in particular to understand the consequences of potential data leaks and make decisions about who we hand our biometric data to.

Even the biggest corporations and  government agencies are vulnerable to hackers and data breaches and cyber crime is on the rise. It's important to remember that unlike a text password, a fingerprint or a facial print cannot be changed if it is used to access personal information and has been compromised.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.