Subj : MWC organizers fined over GDPR biometric security concerns
To   : All
From : TechnologyDaily
Date : Tue May 09 2023 15:15:03

MWC organizers fined over GDPR biometric security concerns

Date:
Tue, 09 May 2023 14:13:54 +0000

Description:
Privacy rules were breached in at MWC 2021 event, Spains data protection 
watchdog says.

FULL STORY
======================================================================

The GSMA, the organizers behind Barcelonas annual Mobile World Congress 
(MWC), have been fined 200 million for not carrying out a data protection 
impact assessment (DPIA) 

Per TechCrunch , the decision (PDF) delivered in Spanish by the Agencia 
Espanola de Proteccion de Datos (AEPD) found that the GSMA fell short when 
failing to account for biometric data collected from attendees, partially as 
a result of BREEZZ - an optional, automated identity verification system 
permitting entry to the event. 

The GSMAs assessment was found, per the decision, to be merely nominal, 
neglecting to account for substantive aspects of its data processing methods, 
nor the risks of, or need for, the BREEZZ system. The GDPR and MWC's DPIA 

The EUs General Data Protection Regulation (GDPR) requires that a robust DPIA 
be carried out when data collection may pose a high risk to the right to 
privacy of those affected Biometric facial recognition technology falls into 
this category in this case because said data was used to identify MWC 
attendees. 

The AEPD also ruled that the GSMA collected passports and EU identity 
documentation from attendees, and required them to consent to biometric data 
collection as part of the upload process. 

The GDPR clearly states that consent must be specific, and given freely, but, 
as discovered by digital wellness advocate Dr Anastasia Dedyukhina, this 
clearly wasnt an option. 

I could not find a reasonable justification for it, she wrote in a LinkedIn 
post, their website suggested that I could also bring my ID/passport for 
in-person verification, which I didnt mind." Read more 

> Google sued for collecting biometric data without consent 


 > What does AI mean for data privacy? 


 > Weve also listed the best privacy tools right now 

"However, the organizers insisted that unless I upload my passport details, I 
COULD NOT attend the live event and would need to join virtually, which I 
ended up doing. 

The GSMA continued these practices for the 2022 and 2023 events, but, in 
light of the AEPDs ruling, things will likely have to change - almost 
certainly for the better. Heres our list of the best business VPNs right now



======================================================================
Link to news story:
https://www.techradar.com/news/mwc-organizers-fined-over-gdpr-biometric-securi
ty-concerns


--- Mystic BBS v1.12 A47 (Linux/64)
 * Origin: tqwNet Technology News (1337:1/100)

.