A school used facial recognition to illegally record class attendance

A Swedish watchdog fined a local authority over $20,000 for trialing a facial recognition software on high-school students to keep track of their attendance.

The school in northern Sweden claims it obtained the permission of students and their parents to use the software over a period of three weeks.

But the Swedish Data Protection Authority (DPA) claims that the school violated several articles under the General Data Protection Regulation (GDPR), claiming the student's attendance could have been collected in a way that did not involve camera surveillance.

This is the very first time the country has been issued a GDPR fine.

Visit Business Insider's homepage for more stories.

A watchdog fined a Swedish local authority over $20,559 (200,000 SEK) after it was caught trialing facial recognition technology to monitor the attendance of high-school students, according to a report by the European Data Protection Board (EDPB).

The school in Skellefteå, a city in northern Sweden, was running a pilot program that tracked 22 students over the course of three weeks, recording a pupil every time they entered a classroom.

The high school board stated that they received the students' and parents' consent to use facial recognition for attendance control, as stated in the EDPB report.

Read more: Childhood anxiety tied to school absences

However, the Swedish Data Protection Authority concluded that the program still violated several articles of the General Data Protection Regulation (GDPR), imposing a fine on the municipality, which is ultimately responsible for the data collected. The DPA also claims the school failed to warn participants of the program's impact and should have consulted with them first.

The GDPR is a privacy regulation in EU law that came into effect last year and was designed to strengthen how personal data and the right to privacy is protected for individuals, which also includes facial images. The EDPB confirm that in Sweden, public authorities can be fined up to $1.1 million for failing to comply with this regulation.

Read more: A futuristic Chinese TikTok video shows a woman paying for vending machine items with no money or card — just her face

This is the first time that Sweden has ever issued a fine under GDPR.

“Facial recognition is a technology in its infancy, but its development is fast. Therefore, we see a great need to clarify something that will serve all actors,” said the Director-General of the DPA, Lena Lindgren Schelin.

The agency concludes that facial recognition technology interferes with the integrity and privacy of the students by monitoring their daily lives and that there are less intrusive ways to monitor attendance — ones that do not involve camera surveillance.