EDPB Opinion on the use of facial recognition at the airports

Opinion 11/2024 on the use of facial recognition to streamline airport passengers’ flow (compatibility with Articles 5(1)(e) and(f), 25 and 32 GDPR

The opinion assesses the compliance of the use of facial recognition technology by airport operators and airline companies for biometric-enabled authentication or identification of passengers to streamline the passenger flow at airports. The opinion is limited to the assessment of the compatibility of this processing with GDPR Articles 5(1)(e) and (f), 25 and 32 GDPR in the context of four specific scenarios: (1) Storage of enrolled biometric template only in the hands of the individual, for authentication, (2) Centralised storage of enrolled biometric template in an encrypted form within the airport and with a key/ secret solely in the passengers’ hands, for authentication, (3) centralised storage in a database within the airport, under the control of the airport operator), (4) centralised storage in a cloud, under the control of the airline company.