Some experts warn that collecting employee biometric data poses new privacy and security risks.
What’s better than giving Amazon your personal shopping data? How about handing over your employees’ biometric data? Literally.
What’s happening? Amazon recently announced a new service called Amazon One Enterprise, retooling its proprietary palm-scanning payment technology for use in workplaces. Instead of swiping an ID badge or using a passcode, organizations that use the service can ask employees to scan their palms to enter the office or access HR records, according to CNBC.
While the technology is currently in preview only, some employers, including IHG Hotels & Resorts, have already signed up for the service, the cost of which has not yet been made public. Amazon claims the biometric tech will save employees time and hassle in removing the need to remember passwords or bring ID cards to work, according to a press release.
“Our goal is to offer employees a new and convenient way to identify themselves,” said Nick Krieble, global head of identity and access management at IHG, in a statement. “This approach will streamline the way we authenticate, give staff access to the tools they need, and make access easier than ever for them.”
Privacy concerns. For years, privacy advocates have warned of the potential for abuse of collected biometric data. In 2021, Red Rocks Amphitheater in Colorado (managed by the Denver government) began using Amazon’s palm-scanning technology for customers, but reversed course after protests from advocates and artists over privacy concerns, the Wall Street Journal reported. (Red Rocks spokesman Brian Kitts told the Journal at the time that the venue’s decision to stop using the technology was unrelated to privacy concerns.)
In 2008, Illinois passed a law that regulates how businesses collect and keep biometric information, and made it illegal for private entities to profit from the biometric information they gather. But nationwide, the legal landscape regarding biometric privacy rights is “fragmented,” Liz Brown, an associate professor of law and taxation at Bentley University, told HR Brew in 2022.
Amazon said that it doesn’t hold a client’s employee biometric data, and the data is instead controlled by the employer. It also asserts that employee data is more secure with palm-scanning than data collected via badge or controlled by passwords. When a worker leaves a company, they or the employer can delete the associated data, the company asserted.
But some experts aren’t convinced that Amazon has the privacy concerns figured out. “These palm readers are intended to normalize the act of giving up your biometric data anywhere, any time. And what happens if the palm data—like so many other ID systems—gets hacked? Good luck finding a new palm,” Mark Hurst, CEO of the consulting firm Creative Good, told SiliconANGLE.