Privacy vs. Stadium Security: The Uncertain Future of FanID

By Berenice Sagaón, Fernando Poo, Andrea Chávez, Desirée Matamoros, José Lozano

In March 2022, following the acts of violence that occurred during the 2022 Liga MX Clausura tournament, the Mexican Football Federation (FMF) implemented the digital mechanism known as FanID, which seeks to identify all attendees attending professional football matches in Mexico.

Recently, and as one of its final acts before its dissolution, the National Institute for Transparency, Access to Information, and Protection of Personal Data (INAI) ordered the imposition of sanctions against the FMF for alleged violations of the Federal Law on the Protection of Personal Data Held by Private Parties, arising from the processing of biometric personal data for access to football stadiums through the FanID platform.

It will be up to the Anti-Corruption and Good Government Secretariat (SAGB) to continue and resolve this matter once the legislative process for the transition of powers to that authority is completed. It will be interesting to learn the human rights analysis that the SAGB will carry out in light of the potential conflict between the right to physical integrity and the right to personal data protection.

It should be noted that, in December 2022, the INAI had already sanctioned the FMF for 23,069,707 pesos for failing to prove that it had obtained the express written consent of data subjects—including minors—for the collection of their retina or iris for facial recognition purposes, which are considered sensitive personal data. However, this sanction is currently being appealed.

Data Privacy Area ECIJA Mexico
socios.mexico@ecija.com
(+52 55) 56 62 68 40
www.ecija.com