© BELGIAN
The Data Protection Authority (DPA) wonders whether the access system with facial recognition that tennis star Kim Clijsters has introduced in her padel club De Boneput in Bree, is in accordance with European privacy rules (GDPR). If the Kim Clijsters Sports & Health Club, of which De Boneput is a part, cannot justify the measure, there may be a fine.
Source: BELGIAN
Clijsters introduced the facial recognition system on Wednesday. Its purpose is to keep non-paying players away from the padel courts outside. Only those who register in advance can come and hit a ball. Players who do not recognize the system will receive a warning, after which the club representative will be informed.
ALSO READ. Kim Clijsters is going to take padel boobies by the collar through facial recognition
© Serge Minten
The GBA has now sent a letter to the Kim Clijsters Sports & Health Club containing a number of questions. “We ask, among other things, on what legal basis they are based and whether a risk assessment has been carried out”, explains spokeswoman Aurélie Waeterinckx. The processing of biometric data, which are labeled as sensitive according to the GDPR, is in principle prohibited, although a number of exceptions have been laid down.
But even if the facial recognition at the padel fields were to meet one of those exceptions, the measure must still be proportional, Waeterinckx emphasizes. “In other words, is there no other way to control access to the outer plazas that is less intrusive?” In addition, a prior data protection impact assessment – a type of risk analysis – is also mandatory.
The letter to the Kim Clijsters Sports & Health Club is a “first, informal” step, in which the GBA requests more information about data processing. If the answers point to possible breaches, the privacy watchdog can launch a formal investigation and possibly impose a sanction.
