MWC Organiser GSMA Slapped With GDPR Fine Of €200,000 By Data Protection Watchdog: Report

GSMA or the GSM Association, which is a non-profit industry organisation that represents the interests of mobile network operators globally, has been slapped with a GDPR fine of €200,000 (~$224k) by Spain’s data protection watchdog for breaching privacy rules during Mobile World Congress (MWC) 2021 edition, media reports say.

GSMA, the organiser of MWC has been penalised over a breach finding that relates to biometric data collection by the body on show attendees, including for a facial recognition system it implemented (called BREEZZ), which offered attendees the option of using automated identify verification to enter the venue in person rather than manually showing their ID documentation to staff, says a report by TechCrunch.

Also read: Truecaller Launching Caller ID Service For WhatsApp, Other Messaging Platforms Amid Rising Pesky Calls From International Numbers

Spanish agency named AEPD dismissed an appeal by the organiser of MWC against the infringement finding, saying GSMA organiser infringed "Article 35 of the General Data Protection Regulation (GDPR)" which deals with requirements for carrying out a data protection impact assessment (DPIA). The GDPR legislation requires that a DPIA is carried out "proactively in situations where processing people's data carries a high risk to individuals' rights and freedoms".

The TechCrunch report added that less than 20,000 people registered attended the 2021 edition of MWC in person or 17,462 to be exact, according to GSMA disclosures made to the AEPD. Out of the total attendees, only 7,585 actually used the facial recognition system BREEZZ to access the venue.

Also read: Pixel Watch 2's Launch Date Leaked. Everything You Should Know

The majority apparently opted for the alternative of manual checks of their ID documents. (Albeit, with MWC 2021 taking place (still) in the midst of the pandemic, the GSMA also offered virtual attendance, with conference sessions being streamed to remote viewers -- and no ID checks were required for that type of attendance, the report added.