Sawmill worker Jeremy Lee refused to enrol his fingerprints in the new access control system.

QUEENSLAND sawmill worker, Jeremy Lee, has won an unfair dismissal case against his employer, Superior Wood, which installed a biometrics-based fingerprint access control solution to manage entry and exit at its facility.

After the system was installed, Lee refused to enrol his fingerprints on the basis the biometric data was his own and it was not appropriate for his employer to have it. After a period of 3 months, during which Lee said his employer ‘tried to coerce him’ into registering his biometric data, Lee was fired.

According to The Privacy Act, when an employer wants to collect sensitive information such as biometric data it must give sufficient notification and allow for a process of informed consent. The commission found Superior Wood had not provided such a process and that the company’s biometric access control system had violated the Privacy Act.

Superior Wood argued the new system allowed better tracking of who was or wasn’t on the premises – this is standard access control management functionality. But Lee argued a card-based access control system could be just as effective as a biometric identity check.

Superior Wood disagreed – and it’s hard not to be sympathetic with sawmill management here – biometric systems really are the only way to be certain particular persons, rather than particular cards, are on your site.

After his dismissal, Lee and his legal representatives launched an unfair dismissal case that was unsuccessful when first heard by a single commissioner at the Fair Work Commission.

According to the commissioner, the fingerprint scanning access control system was a reasonable policy and Superior Wood had a right to dismiss employees who didn’t comply with using it.

After this failure, Lee appealed against the decision, arguing his case before a full bench of the Fair Work Commission with no legal representation.

“My objection was that I own it (my biometric data). You cannot take it. If someone wants to get it or take it, they have to get my consent,” Lee told The Law Report.

“If someone else has control of my biometric data they can use it for…purposes that benefit them, not me – that is a misuse,” Lee said.

The commission’s full bench found there was no valid reason to fire Lee for refusing to provide consent to the company to use his fingerprints and biometric data and a few weeks ago, found he had been unfairly dismissed.

Josh Bornstein, national head of employment law with Maurice Blackburn lawyers told The Law Report Lee’s case reflects “the complicated intersection of privacy and technology — an area in which the law is struggling to keep up pace”.

“It’s off the charts for a self-represented litigant dealing with very sophisticated legal issues to have such an outstanding result,” Bornstein said. “I think it was a fantastic and unusual outcome.”

“There’s a huge issue more broadly in our society as to whether people’s privacy protections are being maintained, with the rapid pace of technological change,” Bornstein said.

“We’re seeing employees more closely regulated than ever before — on a 24/7 basis. There’s no doubt regulation is lagging well behind the development of technology…is our personal information – our fingerprint data, the image of our face – property?”

The case will not set a legal precedent that can be used against employers installing biometric access control, but it creates a significant reference point for future cases. It also suggests employers – and manufacturers and integrators, too – need to be sensitive when it comes to managing transitions from card-based to biometric access control solutions.