It has been announced that Football clubs across Germany and the Netherlands will be considering the use of facial recognition and biometric systems for stadium access, with countries like Italy planning to follow suit. The rollout is aimed at reducing queues and improving security while tackling potential ticket fraud at the same time. This has sparked debate among privacy experts - since biometric data ought to receive enhanced protection under GDPR(❗) clubs would have to face significant compliance obligations before rolling out such systems to make sure everything remains legal and in proper scope.
👇 Key points to consider:
☑️ Biometric data is classified as special category personal data under GDPR and thus triggers stricter processing requirements
☑️ Clubs will need some measure of explicit consent, transparency measures, as well as robust Data Protection Impact Assessments before deployment
☑️ Questions circulate around data retention and data storage, as well as concerns about surveillance and whether opt out options are realistic in such scenarios
☑️ Regulatory scrutiny is increasing, especially in the usage of AI and ML-related cases of facial recognition
Some argue that biometric entry could create a faster ticketless experience, while others question whether convenience justifies collecting highly sensitive personal data at such scale. It is clear that organisation that chose to implement the above would have to demonstrate necessity, proportionality, and clear safeguards according to the GDPR requirements to remain compliant.
💭 Would you be comfortable using facial recognition to enter a stadium if it meant shorter queues and improved security?
