Aena, for its part, stresses that it disagrees with the decision and has announced that it will appeal the sanction in court, calling it disproportionate. The company maintains that it did in fact conduct the required evaluations before launching the system and underlines that biometric processing was voluntary, based on informed consent, and that there has never been any security breach or data leak. In Aena’s view, the fine punishes a “formal obligation” which, they claim, had already been met.
However, the AEPD considers that the model used by Aena was excessively intrusive: instead of applying facial recognition only at the time of boarding—i.e. comparing the person’s face with their passport on the spot—the system stored passengers’ biometric information in a centralised database, amounting to a “one-to-many” (1:N) identification. In the agency’s opinion, there were far less invasive alternatives to achieve the same goal, such as traditional document checks or local biometric authentication, and this architecture represents a high-risk form of processing for fundamental rights.
The biometric boarding system had been rolled out in eight airports in Spain—including Madrid-Barajas, Barcelona-El Prat, Alicante, Gran Canaria, Palma de Mallorca, Menorca, Tenerife Norte and Ibiza—and had amassed tens of thousands of users during the period it operated between 2023 and 2024. The AEPD’s decision means that all these terminals must immediately deactivate biometric checks at boarding, although traditional controls using physical documentation will continue as usual.
Beyond the financial impact of the fine, the case opens a far-reaching debate on the limits of biometric technology in public spaces and the risks associated with mass processing of sensitive personal data. Privacy and data protection experts point out that individual consent is never sufficient when the design of the system breaches the principle of data minimisation or when less invasive alternatives have not been duly demonstrated. This is how the AEPD has interpreted the situation, and it has acted accordingly.
From Aena’s perspective, the original goal was legitimate: to streamline boarding processes, shorten queues, improve the passenger experience and align with new expectations for speed and modernisation. In its official statement, the company insists that data security has never been compromised, that participation in the programme was voluntary and that it will work to reactivate the system as soon as possible.
This turn of events makes it clear that technological modernisation in airports cannot ignore strict compliance with data protection regulations. The Aena case serves as a warning that biometric systems deployed for passenger convenience can collide with fundamental rights if they are not backed by rigorous impact assessments and robust safeguards. Now, with biometric gates switched off, the company and the authorities will have to rethink how to balance innovation, efficiency and respect for privacy in an environment as sensitive as the airport.
