ASOCIACION DE CONSUMIDORES Y USUARIOS EN ACCION - FACUA – €3,150,000 Fine (Spain, 2021)
Mercadona was fined for using facial recognition technology to monitor people entering its stores without proper consent. The Spanish DPA found that this practice violated data protection rules. This case highlights the need for businesses to be cautious when using surveillance technology and to respect individuals' privacy rights.
What happened
Mercadona used facial recognition to prevent entry of individuals with criminal records without proper consent.
Who was affected
Individuals entering Mercadona stores, particularly those with entry bans, were affected by this surveillance.
What the authority found
The AEPD ruled that Mercadona's use of facial recognition violated GDPR by not having a legal basis for processing personal data.
Why this matters
This ruling emphasizes the importance of privacy in the use of surveillance technology. Businesses should carefully consider the implications of such technologies and ensure compliance with data protection laws.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
National Law Articles
Entities Involved
The Spanish DPA (AEPD) launched an investigation on Mercadona, a supermarket chain, after having notice, via the media, that it was using a video surveillance system using facial recognition to prevent access to their premises of people convicted for robbery or other crimes related with Mercadona and with entry bans in force. Afterwards, also two complaints were lodged in this regard by a consumers association and an association for computer enabled crimes and problems. Mercadona started to use this system on 1/06/2020 until 6/05/2021, after the AEPD issued an interim measure ordering the controller to stop the processing. Additionally, the process was brought to court in the meantime, what resulted in an order to stop the processing by a Spanish court in AP Barcelona - Auto 72/2021. The system used a facial recognition process that compares a "dubious biometric sample", obtained from one or more images of a person, against a database of biometric samples already associated with the identity of a person, which have been previously registered through one or more images of that person. To this end, the "dubious biometric samples" are transformed into patterns though algorithmic calculations that are evaluated based on previously established matching thresholds. The data processing included the capture, matching, storage and destruction - in case of negative identification (after 0.3 seconds of its collection) - of the captured biometric image of any person entering the supermarket. Mercadona, the controller, informed that they were relying on a public interest, from Article 6(1)(e) GDPR, for the processing, as it purpose was to ensure the safety of the people and goods, as well as of their premises. The particular national law alleged was the [https://www.boe.es/buscar/act.php?id=BOE-A-2014-3649 Private Security Act]. As regards to biometric data, the controller acknowledged that they were processing special categories of data from Article 9 GDPR, and that they were
Violations (1)
Non-essential cookies (tracking, advertising) are placed on the user's device before obtaining valid consent.
Art. 6(1) GDPR
Related Enforcement Actions (0)
No other enforcement actions found for ASOCIACION DE CONSUMIDORES Y USUARIOS EN ACCION - FACUA in ES
This is the only recorded action for this entity in this jurisdiction.
Similar Cases
Enforcement actions with similar violations
Details
Fine Date
23 July 2021
Authority
Agencia Española de Protección de Datos
Fine Amount
€3,150,000
GDPRhub ID
gdprhub-3677About this data
Cite as: Cookie Fines. ASOCIACION DE CONSUMIDORES Y USUARIOS EN ACCION - FACUA - Spain (2021). Retrieved from cookiefines.eu
Last updated: