Nowadays, it is common to find systems based on biometrics to carry out access control to facilities, either for access to the workplace or for other types of facilities, such as certain types of entertainment venues, including some soccer fields or other sports facilities.
However, this practice, although increasingly common, is not always lawful, and the AEPD has begun to establish criteria in various resolutions and reports, which reinforce the criteria relating to the proportionality of this type of activity.
In this case, the AEPD has sanctioned C.A. Osasuna for the unlawful implementation of a facial recognition system to control access to the stadium of the sports club.
The AEPD considers that the processing of personal data does not meet the requirements to be able to process biometric data, for the following reasons:
- The processing of biometric data, whether for the purpose of identifying users or authenticating them, poses a high risk to the rights and freedoms of the persons concerned, even when the system implemented generates an irreversible vector, considering that the technology used is only one factor to be taken into account.
- It is not considered to pass the judgment of necessity of the processing, even when there is explicit consent and alternative mechanisms, considering that there are other less intrusive methods that can obtain a very similar result, such as physical or virtual card systems.
- It is further understood that security-based justifications are not relevant, as they would otherwise have been included by the Football League in its regulations on the purchase and sale of tickets, as other types of measures are recognized and required.
Ensure doubts about the consent of biometric data!
Our experts will inform and advise you on the validity and compliance of the regulations.
