In Andrew Niccol’s 1997 film Gattaca, genetic data dictates every opportunity, from career prospects to social standing. The true horror of the film lies not in overt control, but in how seamlessly surveillance becomes normalised under the guise of efficiency, security and progress. Once confined to the realm of science fiction, this premise now feels unsettlingly familiar in some modern workplaces.
Last week, JPMorgan Chase informed employees they must provide biometric data to access the firm’s New York headquarters. Entry now requires scanning fingerprints or eyes instead of swiping an ID badge.
Originally, the bank had planned for biometric registration at its new Manhattan skyscraper to be voluntary. However, according to internal communications seen by the Financial Times, staff have since been told that biometric access is now mandatory. At other JPMorgan offices, including London’s Bank Street site, biometric enrolment remains optional.
The new normal
Amid tightened attendance rules, rising cyber attacks and heightened security concerns, including the fatal shooting last year of UnitedHealthcare’s CEO Brian Thompson, many corporations are introducing stricter access controls. HSBC, for instance, plans to more than double its number of biometric readers from 350 to 779 across UK and US workplaces, introducing full-hand recognition technology.
“Biometric systems such as fingerprint or facial recognition offer a more secure alternative to traditional methods like keycards or passwords, which are increasingly vulnerable to sophisticated cyber attacks,” says Chris Garner, managing director at Avensure, an HR and employment law advisory.
As the technology becomes more reliable, cost-effective and accessible, Garner expects growing adoption across finance, technology and critical infrastructure sectors in order to protect sensitive premises and data.
What begins as a simple door scan could evolve into performance tracking
“More employers are bound to explore implementing biometric access control,” agrees Joseph Lappin, partner and head of the employment team at Stewart, a law firm. “Whether we like it or not, all of us share some personal data with countless organisations, public and private. Some employees will think little of handing over biometric details to their employer, particularly if the aim is to boost office security and make the process of entering and leaving the office as easy as possible.”
Yet critics warn that the trade-off is significant. “Workplace monitoring using biometrics is inherently intrusive,” argues Emily Carter, a data protection specialist and partner at Kingsley Napley LLP, a law firm.
She too notes a sharp rise in the use of biometric data alongside newer, more contentious forms of workplace monitoring, from tracking attention and stress levels to analysing emotions and productivity. One phonebooth maker is reportedly considering adding heart-rate sensors to its office furniture to help monitor people’s stress levels. Carter links these trends to increased paranoia about the productivity of workers following the pandemic. “Within this context, it’s not surprising to see increased implementation of tools to monitor employees more closely.”
Legal challenges
However, organisations must tread carefully to implement biometrics lawfully and responsibly. Under the UK’s General Data Protection Regulation (GDPR), biometric data is classed as special category data, which means there are limited grounds for processing it. Businesses must have a legitimate reason to roll it out, such as consent, legal obligation or public interest .
Indeed, organisations such as Amazon have faced legal challenges in the US and Europe with regard to their usage of biometric data on some of their sites, particularly concerning informed consent, data sharing and privacy violations. The fallout also highlights the growing discomfort many feel about being constantly monitored.
The Information Commissioner’s Office (ICO) – UK’s independent regulator for data protection – has said businesses must be transparent and explain why the data is being collected, used and stored. Employers should also seek express permission from employees and identify reasonable adjustments to be made.
“The ICO takes a very dim view of ‘tick-box’ consent in employment settings, especially where there are no genuine options for staff,” Carter says. “We can expect increasing regulatory focus on this area, as well as enforcement action, in coming years.”
Breakdown of trust
Even if biometric data is encrypted and inaccessible to employers, many workers may be uneasy about how their facial IDs or other biometric data may be used in the workplace. “The public backlash against the government’s plans to introduce digital ID cards tell us that concerns about privacy run deep,” Lappin says. “Employers introducing biometric access systems should expect at least some staff to have qualms about it.”
Furthermore, the impact on engagement and psychological safety is likely to be substantial, says Eleni Teichmann, lead people scientist at Culture Amp, an employee engagement platform. “Feeling constantly monitored can reinforce the disconnect between leaders and employees. If employees sense surveillance creeping into areas like mood or attentiveness, trust erodes quickly,” she explains. “What begins as a simple door scan could evolve into performance tracking.”
This comes at a time when global employee engagement is already declining. Staff engagement levels have fallen steadily since 2022, according to a 2024 study by Culture Amp. Two-fifths (41%) of workers reported experiencing workplace stress, while 17% said they frequently felt lonely.
Workplace monitoring using biometrics is inherently intrusive
Organisations should explain clearly why the system is necessary, defining the scope of data use and detailing protocols to prevent unauthorised expansion of data monitoring. At the same time, Teichmann warns against shifting unexpectedly from a planned voluntary biometric program to a mandatory requirement via internal communication. Any significant change in policy will harm trust, she says, and feels neither transparent nor considerate.
“Generally, new technologies are pushing the intensity, scope and intrusiveness of surveillance close to, and potentially also beyond, acceptable limits,” Teichmann says. There is a substantial risk of function creep, she adds, whereby monitoring steadily expands over time, eroding employee rights and wellbeing, especially if governance and workers’ rights protection are weak. “It’s the classical tension between freedom and safety – now in the modern workplace.”
The wider use of technology and data to track and monitor employee performance is a much broader debate – one that will only intensify. Ultimately, integrating biometrics responsibly requires more than data protection. It demands transparency, choice and trust. The next generation of professionals won’t blindly trade autonomy for convenience. They want to feel like participants in the system, not data points powering it.
In Andrew Niccol’s 1997 film Gattaca, genetic data dictates every opportunity, from career prospects to social standing. The true horror of the film lies not in overt control, but in how seamlessly surveillance becomes normalised under the guise of efficiency, security and progress. Once confined to the realm of science fiction, this premise now feels unsettlingly familiar in some modern workplaces.
Last week, JPMorgan Chase informed employees they must provide biometric data to access the firm’s New York headquarters. Entry now requires scanning fingerprints or eyes instead of swiping an ID badge.
Originally, the bank had planned for biometric registration at its new Manhattan skyscraper to be voluntary. However, according to internal communications seen by the Financial Times, staff have since been told that biometric access is now mandatory. At other JPMorgan offices, including London’s Bank Street site, biometric enrolment remains optional.
