Facial Recognition Can be Fuzzy

An ever-increasing number of stadiums in the US are using facial recognition as a part of their fan experience. But while the tech might be ready to go, the legal and privacy issues are murky.

The use of facial recognition at sports and entertainment venues is increasing every month. It first entered the entertainment world in casinos, and its use has spread to other entertainment and sports venues. It’s estimated that over 30 stadiums in the US are using the technology in some fashion. Firms like AEG, Ticketmaster (in partnership with Wicket), and many others are building it into their service offerings. Among its potential benefits are:

• Faster admission procedures

• Faster checkout for concessions and merchandise

• Defense against ticket counterfeiting or unauthorized resale

• Better fan data for teams and leagues

• A tool for creating personalized fan experiences

But the following is also true of facial recognition:

• In the US, facial recognition data must be turned over to police if served a valid court order, subpoena, or warrant

• It’s been used proactively by police in the US, Russia, China, and Brazil to arrest fans wanted for outstanding offenses who attended a sports or entertainment event 

• James Dolan used it to bar a fan from Madison Square Garden who criticized his ownership

Therefore, teams and venue owners looking to unlock the benefits of facial recognition should be aware of the potential risks involved.

What’s the Big Deal? 

People who regularly use Apple’s Face ID to unlock their phones may wonder what the big deal is. The difference is that in the case of Face ID, the facial biometrics are only on the phone and stay under the control of its owner. The data involved in face recognition systems at arenas is captured by whoever is collecting the information. So people’s facial data can be used and potentially shared in ways that they do not control.  

Navigating the Legal Waters

There are currently no federal regulations specifically concerning the use of facial recognition, although a few bills have been presented on the subject. Between 2017 and 2024, fifteen states enacted some form of facial recognition legislation. While these are primarily directed at law enforcement agencies, teams, and venue owners should look at existing and pending legislation at both the federal and state levels to make sure their vendors and usage are in compliance with those laws.

More broadly, facial recognition data is considered PII (Personally Identifiable Information). This means that it is subject to regulations concerning the storage and handling of that data in the same way as social security numbers or bank accounts. Any company involved in facial recognition should be able to share their privacy policy with you and show they are in compliance with the required regulations, such as the California Consumer Privacy Act (CCPA), or have voluntarily achieved third-party certifications on their information security practices, such as the International Organization for Standardization (ISO) 27001. Naturally, if you are storing the data on any internal systems, you need to check your own compliance as well.