The Mobile World Congress has to pay a fine of 200,000 euros because it insufficiently mapped the impact of facial recognition for visitors.
MWC, the largest telecom exchange in the world and the most significant tech exchange in Europe is fined for the 2021 edition. The Spanish data protection authority AEPD finds that MWC violates Article 35 of the GDPR, the data protection impact assessment article.
Since that year, the fair has used facial recognition to admit visitors. However, those who did not wish to do so could show proof of identity. MWC is working with Breezz for this, which also did so in the 2022 and 2023 editions.
According to Techcrunch, AEPD’s criticism is not so much about the fact that facial recognition should not be used but about the assessment that MWC itself had to make. Necessity and proportionality have not been studied enough. The organization also has too little insight into possible security risks while the biometric data of thousands of people were processed.
Remarkably, the case was started by a speaker invited to MWC in 2021. Dr Anastasia Dedyukhina spoke (virtually) about digital well-being but was also asked to upload biometric data to confirm her identity. Without sharing that data, she couldn’t participate on the spot, which ultimately didn’t happen. On LinkedIn, she explains how that resentment eventually led to a complaint and, two years later, to a fine.
The 2021 edition continued in full corona pandemic and only had 17,462 visitors. From the AEPD’s decision, we learn that 7,585 people used facial recognition at the time. In comparison, the 2023 edition had 88,500 people. Pre-corona in 2019, there were even 109,000.