Mobile World Congress venue access facial recognition

Occurred: June 2021

Report incident 🔥 | Improve page 💁 | Access database 🔢

The organiser of the 2021 Mobile World Congress in Barcelona, Spain, was fined EUR 200,000 by Spain's data protection regulator for illegally collecting facial data about attendees.

According (pdf - in Spanish) to Spain's data protection agency AEPD, GSMA had failed to carry out a data protection impact assessment (DPIA).

The GSMA had offered attendees the option of using BREEZ, an automated identify verification system, to enter the venue in person rather than manually showing their ID documentation to staff. 7,585 chose the former, despite the event taking place during the COVID-19 pandemic.

Under the EU's GDPR privacy law, a DPIA must consider the necessity and proportionality of data processing, and examine the risks and how identified risks are to be minimised.

However, the complainant had contended that the GSMA had acted disproportionately by insisting in-person delegates upload their passport details online, contradicting its privacy policy.

System 🤖

BREEZ

Operator: GSMA
Developer: ScanViS

Country: Spain

Sector: Business/professional services; Telecoms

Purpose: Approve attendee access

Technology: Facial recognition
Issue: Privacy; Transparency

Legal, regulatory 👩🏼‍⚖️

News, commentary, analysis 🗞️

Related 🌐

Page info
Type: Incident
Published: May 2023

Page updated

Google Sites

Report abuse