The Spanish Data Protection Agency (AEPD) has ordered airport management firm AENA to suspend its biometric passenger boarding system and pay a €10 million (R198,8 million) fine for not complying with national regulations.
According to the AEPD, AENA failed to meet required safeguards under biometric data national regulations, stating that AENA did not comply with the requirement to conduct a valid Data Protection Impact Assessment. AEPD also noted privacy and security risks related to the biometric boarding system, which relies on centralised storage.
The airport company, which manages several airports across Spain, said it would appeal the decision, claiming that the watchdog’s resolution was disproportionate.
AENA maintains that it completed the assessments prior to the programme’s start and disagrees with the AEPD’s decision that these assessments did not fully comply with the applicable regulations.
The company also confirmed that there had not been any security breach and that biometric data was not at risk at any time.
