Aena Hit With €10 Million Fine Over Airport Facial Recognition

Spain’s airdrome operator, Aena, has recovered itself astatine nan centre of a awesome privateness statement aft being deed pinch a €10 cardinal good for nan measurement it rolled retired its facial-recognition boarding system. The sanction, imposed by Spain’s Data Protection Agency (AEPD), is 1 of nan largest nan regulator has ever issued – and Aena is thing but happy astir it.

The programme successful mobility allows passengers to committee simply by looking astatine a camera. No passport. No boarding pass. Just a look scan. It has been tested successful respective airports crossed Spain, and for galore travellers it felt for illustration a glimpse of nan future. But nan AEPD says that early was launched without nan required ineligible homework.

Why nan watchdog stepped in

According to nan AEPD, Aena launched its biometric boarding strategy without completing a due Data Protection Impact Assessment beforehand – a mandatory measurement erstwhile a institution plans to process delicate accusation specified arsenic facial patterns.

The regulator argues that:

• the appraisal wasn’t done correctly,
• the risks weren’t evaluated successful depth, and
• the programme utilized biometric information moreover though little intrusive alternatives existed for nan aforesaid purpose.

In elemental terms: nan exertion mightiness beryllium convenient, but nan AEPD believes it wasn’t justified, wasn’t documented properly, and wasn’t backed by a afloat compliant consequence assessment.

Aena pushes back: “We don’t work together pinch this fine”

Aena reacted quickly – and firmly.

In a statement, nan airdrome usability said it “respectfully disagrees” pinch nan sanction, some successful really nan AEPD reached its conclusion and successful nan size of nan penalty. The institution says nan required effect assessments were carried out, and insists they complied pinch nan law.

Aena besides stressed thing galore travellers will want to hear: location has been nary information breach, nary leak and nary unauthorised entree involving passengers who signed up for nan facial-recognition system.

“The custody of this information has ne'er been astatine risk,” nan institution said, adding that each participants gave voluntary, informed consent, precisely arsenic nan rule requires.

So what was nan facial-recognition strategy doing?

The biometric strategy utilized by Aena scans a passenger’s look and matches it pinch different individual information stored for nan boarding process. The thought is to:

• avoid queues astatine archive checks,
• make boarding smoother, and
• increase security.

But because facial patterns are classified arsenic special-category data, they’re tightly regulated. The AEPD concluded that Aena’s setup did not meet nan principles of necessity and proportionality, and that its consequence and information study didn’t spell acold enough.

Again, nan AEPD is not saying nan strategy was unsafe – conscionable that nan ineligible and method groundwork wasn’t coagulated capable to warrant utilizing biometric data.

What happens now?

Aena will entreaty nan fine, truthful this lawsuit is acold from over. For now, nan biometric programme isn’t unopen down – travellers who chose to usage it tin proceed doing so.

But this ruling sends a clear connection to each airdrome usability and backstage institution experimenting pinch biometric tech successful Spain:
convenience is not capable – nan ineligible checklist must beryllium watertight.

And pinch airports crossed Europe testing everything from facial recognition to integer identities, nan determination could group an important precedent.

Stay tuned pinch Euro Weekly News for much news from Spain