Spanish watchdog dings GSMA over MWC 2021 facial recognition privacy

The GSMA has been fined $224,000 (€200,000) by the Spanish data protection watchdog over a breach of privacy rules at the Covid-era Mobile World Congress 2021 show.

The Agencia Española de Protección de Datos (AEPD) struck down an appeal by the GSMA in a ruling on  the BREEZ facial recognition data used by the GSMA at MWC. The Breez app for the MWC is produced by Scanvis, which is located in Hong Kong.

The report said, "according to the defendant [the GSMA], the SCANVIS entity with which it has an order to process the facial recognition system for access to the headquarters is located in a country outside the EU, and GSMA has signed standard contractual clauses with SCANVIS" It added that the MWC [facial recognition] data is hosted by Amazon Web Services in Germany.

The GSMA responded to the AEPD ruling and said that it didn’t relate to a data breach or unauthorized access to the GSMA’s systems.

Silverlinings reached out to the GSMA to ask if this ruling will change the way the company handles facial recognition at MWC in 2024 and beyond. "We continuously review and update our approach to data protection, employing innovative technology to deliver a safe attendee experience," Rebecca Atherley, PR director at GSMA told us via email.

"Our MWC App does not track event attendees," she continued. "I wanted to share that this year we ran a pilot program for selected GSMA employees who chose to opt-in, as part of our continuing commitment to enhance the overall attendee experience at MWC. For these GSMA employees who chose to opt-in, this pilot tracked location under specific conditions and was implemented with explicit authorization on the participant's device."

Tracking your face

There has already been a kerfuffle over Huawei tracking visitors to its booth at MWC 2023. Now the GSMA has been dinged for a breach of European privacy rules at MWC 2021.

Expect a lot more of this in the next few years. With a facial recognition app downloaded onto a mobile phone, you should know that it could potentially track you. Conference organizers can anonymize your details after the fact, but if any bad actors hack into the system then who knows what could happen. 

You didn’t think you were really off the grid, did you? You work in technology by jove! 😉


This story was updated on May 10 at 12:03:00 PM.