Biometric stadium entry plans in Europe trigger privacy and GDPR concerns

Biometrics are coming to Europe’s stadiums, as facial recognition continues to see pickup for ticketing and security at large sporting venues. Clubs in Germany and the Netherlands are planning major biometric overhauls of their home stadiums. But not everyone is cheering, with privacy experts warning that the EU does not play on the same regulatory field as the United States, where face biometrics for ticketing and concessions are gaining ground.

Borussia-Park to get biometric entry, enhanced connectivity

Borussia Moenchengladbach, which plays in Germany’s Bundesliga, plans to roll out biometric entry to eliminate lineups at its 54,000-capacity Borussia-Park. A report from City AM focuses on the team’s partnership with U.S. firm Extreme Networks, which provides AI cloud networking products for the NFL and Major League Baseball.

Moenchengladbach tech chief Frank Fleissgarten says that, with reliable connectivity, “from payment terminals and VIP hospitality to access control, we can power every critical service while staying flexible enough to scale, innovate, and introduce new experiences as the club continues to evolve.”

The report also notes that, in the few instances facial recognition has been used in European stadiums, “the technology has mostly been deployed as a counter-hooligan measure and a means of preventing access to blacklisted fans.”

“Some Scandinavian clubs have used to identify troublemakers and Italy is said to want to follow suit. Spanish side Osasuna is thought to be the only team in a major European league to deploy it to streamline fan entry, as Moenchengladbach plan to.”

Supporters’ association says privacy not possible with biometrics

Expansion into broader uses could elicit public pushback, as EU citizens measure their privacy against the GDPR and other existing frameworks. A headline from NL Times tells the story in the Netherlands: “Dutch football assoc. ready to link stadium tickets to ID cards; Fans worried.”

The piece says national football association KNVB is planning to roll out the Personal Digital Access System (PDT), also known as Identity-Based Access, which replaces a physical ticket or a membership card with biometrics linked to user ID at stadium gates. It says the system will  help quickly identify violent or disruptive fans and make ticket transfers more secure, helping combat black-market reselling.

But the plan has some fans in a huff. Carli Klijn, spokesperson for the FSV De Feijenoorder supporters’ association, says “there is no debate that stadium safety is important, but the main concern is privacy. Supporters’ associations should be involved and properly informed about this plan.”

GDPR compliance must be primary factor

London-based law firm Pinsent Masons recently published a blog urging operators in the EU and UK to consider the regulatory differences with the U.S. before diving head-first into biometric refurbishing. According to data privacy expert Dom White, under GDPR rules governing EU and UK data laws, the use of facial recognition to grant stadium access would put it within the scope of special category personal data.

“Even if it is optional or designed to improve the fan experience, clubs must meet the higher compliance threshold that applies to biometric processing,” White says. Malcolm Dowden, a technology and privacy expert with Pinsent Masons, says “clubs still need to demonstrate that biometric systems are necessary, effective and proportionate compared with less intrusive alternatives, and that their deployment is supported by appropriate safeguards for supporters’ rights.”

Regulatory enforcement has already stung famed Spanish club Barcelona, which was recently hit with a €500,000 fine by the Spanish data protection authority (AEPD), for “failing to carry out appropriate data protection impact assessments when gathering biometric data during its mandatory census of 143,000 club members,” which included collecting biometric selfie and ID scan data. Spain’s football league, La Liga, was also fined €1 million in 2025 for similar violations.

Article Topics

biometric ticketing  |  biometrics  |  data privacy  |  Europe  |  facial recognition  |  GDPR  |  United States