Facial Recognition Technology and GDPR Compliance

Written by: Richard Sheinis, Esq.

A soccer team in Denmark is using facial recognition technology to stop unruly fans, apparently with the approval of the Danish Data Protection Agency (“DDPA”).  The technology is used to scan fans as they enter the stadium.  The scans are then compared against a list of banned troublemakers to determine if they are allowed into the stadium.

Facial recognition technology has received a bad rap lately, even being banned in U.S. cities like San Francisco.  However, the Brondby soccer club, after lengthy negotiations with the DDPA, has shown that within proper boundaries facial recognition technology can pass muster under the General Data Protection Regulation.

Those pictured on the watchlist are entered into the system on the day of the game and are deleted shortly after the game.  As fans enter the stadium, any positive hits are cross-checked to avoid false positives.  Some privacy advocates still object to this use of facial recognition technology because it is invasive and error prone.

However, facial recognition technology can be so useful in protecting the public, the better course of action is to continue to develop the parameters within which facial recognition technology can be used beneficially while respecting the privacy rights of all.  Like much in the privacy world, it is a matter of finding the right balance.