A primary school in Poland has been fined PLN 20,000 for its rather shocking processing of pupil data. The school had been processing fingerprint data of pupils in order to identify their entitlement to school dinners. Even though parents had consented to such use of biometric data, the Polish data protection authority understandably held that the processing of such data in this context was wholly disproportionate to the purpose. Not only that, but pupils without biometric identification found themselves differentiated and at the back of the queue as their data divulging peers were fast tracked in the canteen each day.
The lesson? Consent doesn't make privacy concerns go away. Apply common sense to the processing options available and appropriate in the circumstances.