LaLiga disputes €1M fine from AEPD over stadium biometrics

Spain’s National Professional Football League, or LaLiga, is disputing a fine that was imposed by the Spanish Data Protection Agency (AEPD) on grounds that the league failed to conduct a data protection impact assessment (DPIA) when implementing face biometrics to increase security in stadiums.

LaLiga introduced a biometric identification system to allow access into fan stands during the 2015/2016 season as part of efforts by the country’s authorities to combat behaviour related to violence, racism, xenophobia and intolerance in sports. However, the move has been greeted by mixed reactions. The AEPD warned LaLiga last year that any deployment of facial recognition would have to accompanied by the appropriate assessments and consultations.

A €1 million fine (US$1.08 million) was levied by the AEPD days ago, and is now being challenged in court by the football league, which says it is uncalled for, according to The Impact Lawyers.

LaLiga argues that the implementation of the system was not its creation but a recommendation of the Anti-Violence Commission which was duly approved by the competent authorities. The league also adds that it is not in any way involved in the management of biometric data collected by the system.

Further making its defense, LaLiga says the management of the data is guided by a regulatory framework of supervision and public control, which is applied by clubs that have installed those biometric systems.

To LaLiga, it is therefore unjustifiable that it be forced to conduct a DPIA when in fact, it doesn’t process any data. The league mentions that in the face of these concerns, it has continued to work with the relevant sporting authorities in Spain to amend the country’s 2007 law on sports violence.

LaLiga goes on to reiterate its commitment to its fight against vices that tarnish the image of the beautiful game, and endanger player safety.

In the last few years, some clubs have taken steps to implement safety measures. In 2022, for example, Osasuna became the first LaLiga club to deploy a biometric-based access control system, but the move has since attracted a complaint and eventually a fine of €200,000 (US$216,000) from the AEPD.

Although faced with resistance from policy and privacy big shots in some countries, technologies like biometrics are increasingly seen as a key factor in fighting fan violence in sports, facilitating entry into sports venues, and keeping players and officials safe.

A survey reported in 2024, for example, found that many national football player unions believe biometric systems can play a significant role in ensuring player safety. Per the survey, 66 percent of player unions said violence is becoming common place in sports and so technology like facial recognition has the potential to identify troublemakers.

At the start of last year, Italian football authorities said they were planning to introduce facial recognition technology in all top tier league football stadiums in the country.

Article Topics

AEPD  |  biometric identification  |  biometric ticketing  |  biometrics  |  data privacy  |  facial recognition  |  GDPR  |  Spain