GSMA statement on AEPD resolution

The GSMA notes the recent resolution of the Spanish Data Protection Agency (the “AEPD”). The AEPD’s resolution does not relate to a data breach. There was no data breach or unauthorised access of GSMA’s systems and at no point was the personal data of attendees at MWC Barcelona 2021 compromised or misused.

The resolution relates to the GSMA’s approach to undertaking a data protection impact assessment for the use of facial recognition technology at MWC 2021. Facial recognition was an option for attendees at MWC 2021 as part of a comprehensive health and safety programme. 

The GSMA takes data protection extremely seriously and has a robust compliance programme in place to address its data protection obligations. The GSMA continuingly reviews and updates its approach to data protection, employing innovative technology to deliver a safe attendee experience. 

The GSMA will continue to cooperate with the AEPD and is reviewing the resolution and considering options to respond.