The Spanish data protection watchdog has imposed a fine of €200,000 (~$224k) on the GSM Association (GSMA), the organizer of Mobile World Congress (MWC) 2021, for breaching privacy rules. The violation was related to the collection of biometric data of show attendees, including the implementation of a facial recognition system called BREEZZ. The system allowed attendees the option of using automated identity verification to enter the venue in person instead of manually showing their ID documentation to staff. The GSMA was found to have breached Article 35 of the General Data Protection Regulation (GDPR), which deals with requirements for carrying out a data protection impact assessment (DPIA).
Violation of GDPR Leads to Penalty
Less than 20,000 people registered attended the 2021 edition of MWC in person, with only 7,585 using the facial recognition system BREEZZ to access the venue. The Spanish agency, AEPD, dismissed an appeal by the GSMA against the infringement finding, which requires carrying out a DPIA proactively in situations where processing people’s data carries a high risk to individuals’ rights and freedoms. The majority of attendees opted for the alternative of manual checks of their ID documents. With MWC 2021 taking place during the pandemic, the GSMA offered virtual attendance, with conference sessions being streamed to remote viewers, and no ID checks were required for that type of attendance.
The Hindustan Herald Is Your Source For The Latest In Business, Entertainment, Lifestyle, Breaking News, And Other News. Please Follow Us On Facebook, Instagram, Twitter, And LinkedIn To Receive Instantaneous Updates. Also Don’t Forget To Subscribe Our Telegram Channel @hindustanherald