Comment on the case with Mobile World Congress by Dr Anastasia Dedyukhina.
I had a strong doubt if I should make it public, but decided to do so, as ultimately this is not about me, but all of us.
In 2021, I was invited to speak at Mobile World Congress in Barcelona. In case you don't know what it is, it's the "Oscars" of the global mobile industry. And as some of you remember, this was still in the middle of the pandemic.
Organizers asked me to upload biometric data (passport) online in order to verify my identity, which I refused because I could not find a reasonable justification for it. Their website suggested that I could also bring my ID/passport for an in-person verification, which I didn't mind.
I was told by organizers, however, that unless I upload my passport details, I CANNOT attend the live event and would need to join virtually, which I ended up doing. The virtual panel went ok and we all spoke about the importance of diversity in tech, and all those great things that you discuss in large conferences.
But somehow I couldn't let go of the situation. You see, I chose as a job making people conscious of their digital behaviour and their rights in the digital environment and empower them to take an action. I even did a TEDx talk about it :)
MWC is supposed to set the standards for the global mobile industry and the digital future. And I REALLY don't like the future, where I have to upload my biometric details in order to attend a live event, or else I am 'punished' by sitting at home.
So I ended up asking Adam Leon Smith FBCS for advice. Adam is a walking encyclopedia of everything related to privacy laws, among other things. Our very basic joint research showed some strange things around data processing of this biometric information (which you can read here). And so we decided to write a complaint to the Spanish data protection agency (AEPD).
Did I expect any favorable outcome? To be honest, not really, I didn't even think my letter would get to them (I sent it by post as I didn't have a Spanish electronic ID registration).
Did I think I was just setting myself for future trouble, as I'll be seen as a 'difficult person' to work with and probably will never be invited again to speak at MWC and partnering organizations? Most definitely. But I just couldn't act differently.
Long story short, 2 years later AEPD recognizes GSMA, the organizers of MWC, to be guilty of unjustifiably infringing with the privacy of nearly 20,000 attendees, and assigned a fine of 200K euros.
This outcome gives me hope. If an ordinary citizen like myself with NO legal education can execute her privacy right and create some waves, maybe we don't have to completely give up on our privacy in the digital future.
Maybe it's the question of just one person very quietly and politely asking an 'inappropriate' question - "why do you need my data?" - and then repeating it again and again, to start shifting things.