On the occasion that the company performing gym service processes some personal data of special nature including biometric data such as setting hand-scanning system at the entrance-exit control of its members and suspicion that if this information is kept safe, as a result of the examination of the complaint submitted to the Board by the data subjects, with the decision of the Personal Data Protection Board dated 27/02/2020 and numbered 2020/167;
– Authentication of the identity of individuals by scanning hand to control entrance and exit of the gym meets the biometric data definition,
– It is concluded that the use of an order containing biometric data at the entrance and exit of the facility is contrary to the principle of proportionality, even if an optional right is offered.
Therefore, it has been concluded that the activity of the company constitutes a violation of the data security legislations of the Law on Personal Data Protection No. 6698. Based on these issues, 225,000 TRY administrative fine was imposed against the data controller.