On social media, the matter caused a stir: until a few weeks ago, it was still possible to benefit from a free ticket to Disneyland Paris by collecting that of one of your friends (or a complete stranger) after the latter had spent part of the day in the park. The absence of verification – even if the banknotes are nominative – allows the rules to be annulled.
To prevent an increase in this type of behavior, Disneyland Paris has revised its system and now requires that each guest take a photo when checking in, as indicated on a specific page: “Your photo will be taken and associated with your adult ticket to control guest access to the Disneyland Paris parks.”
A complaint filed with the CNIL
Contacted by Tech&Co, the park specifies that the photographs will be “deleted within a week” and that “they will not be processed by facial recognition technologies.”
The management also indicates that it is possible to “request access to your personal data” via a specific email and that a visitor can object to this measure by presenting an identity document or proof of membership in the company in the case of a ticket purchased by a works council.
But according to Tech&Co, this measure, applied since the beginning of October, has not been the subject of any declaration to the CNIL, the personal data police. And rightly so, “it is up to organizations to ensure that their devices comply with the legislation” since the entry into force of the GDPR (the European regulation on personal data) in 2018, the organization specifies.
However, the CNIL confirms having received a complaint “related to this system” and tells Tech&Co that it is “under investigation.”
Pending its conclusions, it should be noted that, while the sudden arrival of this measure is a cause for concern (on social media, many visitors report increased waiting times), it could prove to be in compliance with the requirements of the GDPR.
The possibility of being able to reject the photograph while allowing the presentation of an identity document (which is not scanned, but simply verified by park staff), as well as the non-use for commercial purposes or for a facial recognition system, should allow Disneyland Paris to escape a sanction from the CNIL.
As a reminder, the GDPR is strict regarding the use of a person’s image, whether in public or private spaces. European regulations insist on the need for prior authorization, unless the person is not recognizable (from behind, or with their face hidden, for example). In the case of the system implemented at Disneyland Paris, “free, specific, informed and unequivocal” consent must be obtained.
In this context, Disneyland Paris clearly displays information when passing through security or at the entrance to its parks and not only has a support page on its website. Furthermore, according to Tech&Co’s conclusions, it is possible to enter the park without being photographed by presenting your identification document.
At the moment, Disneyland Paris does not plan to implement a system already present in the American parks and which is based on biometric verification.
Source: BFM TV
