Vacation parks broke privacy rules by using face scanning for visitors to enter the pool

Eight vacation parks have scanned their visitor's faces so that the guests can gain access to pools and playgrounds. According to The Dutch Data Protection Authority (AP), this was a violation of privacy rules. Seven of the eight parks have adapted their way of working and are now abiding by the rules, the eighth park has not done so yet. They have been given until the beginning of December to stop, or they risk a fine or a penalty.

The privacy regulator did not report which vacation parks the accusations are alluding to. The parks did not only use face scanning recognition on adults but also on children.

Guest were not told by the parks that they did not need to scan their faces to go inside. "Once such a facial scan has been made of you, you lose control. You can then be identified and tracked everywhere. Your face is unique, and you cannot simply exchange it for another copy," said vice-chair Monique Verdier of the AP.

Facial recognition is only allowed when it is necessary for a personal or household purpose like unlocking a telephone, when it is needed for the purpose of security of a sensitive location like a nuclear power center, or when people give explicit permission for a scan.

People can only give explicit permission if they have the freedom to say no. At the holiday parks, this means that visitors should have been able to use a wristband or a pass to enter, but that did not happen. According to Verdier, people were "presented with a fait accompli: if you want to swim, you have to give up your data. That is forbidden."