London, NFAPost: GSMA, the organiser of tech industry’s flagship event Mobile World Congress (MWC) in Barcelona, Spain, has been fined 200,000 euros (about $224,000) by Spain’s data protection watchdog over the biometric data collection of attendees in its 2021 event.
Spanish agency AEPD dismissed an appeal by the GSMA against the infringement finding, saying it infringed “Article 35 of the GDPR”.
The GDPR legislation mandates that a Data Protection Impact Assessment (DPIA) is carried out “proactively in situations where processing people’s data carries a high risk to individuals’ rights and freedoms”.
GSMA had a facial recognition system in place at the 2021 event, called BREEZZ. It offered attendees the option of using automated identity verification to enter the venue in person. Only 20,000 people attended MWC 2021 in person (17,462 to be precise) as per GSMA disclosures to the AEPD, as the event happened in the midst of the Covid-19 pandemic.
About 7,585 used the facial recognition system BREEZZ to access the venue, while the majority of the attendees opted for the alternative of manual checks of their ID documents. The GSMA had also offered virtual streaming of the event and no ID checks were required.
