GDPR and Biometric Data: Lessons from Atlético Osasuna’s Compliance Failures
Atlético Osasuna’s implementation of a facial recognition system for stadium access led to a GDPR complaint, highlighting significant issues around biometric data processing. The AEPD fined the club for inadequate compliance regarding consent, necessity, and data minimization principles. This case serves as a caution for organizations considering biometric surveillance, emphasizing strict adherence to GDPR requirements…