Loro Parque takes a hit on data protection: mandatory fingerprinting will be expensive

What happened?

Loro Parque on Tenerife and the associated Siam Park have incurred a hefty bill: 250,000 euros in fines for a serious breach of data protection. This was triggered by complaints from three visitors. The crux of the dispute: anyone who used the "twin ticket" to visit both parks at a discount - or spontaneously decided to return during their stay - had to leave their fingerprint behind. Spain's data protection experts investigated for a whole three years and have now come to a clear conclusion: this is not acceptable.

Why the fingerprint became a problem

The park argued that no fingerprints are stored, only encrypted mathematical values calculated from the print. Furthermore, this data would be deleted as soon as the ticket expires. Sounds technically sound - but it doesn't change anything at the core. After all, biometric data is not just "photos of a finger". It includes everything that serves to identify or confirm a person's physical characteristics. And that is exactly what happened here at the entrance: the print was used to check whether the person matched the ticket. Result of the authority: biometric data - period.

The park's arguments - and why they didn't work

The park called the practice "without alternative" in order to prevent tickets being passed on. In addition, the name and ticket were not merged, so allegedly no direct personal assignment. The data protection experts took a different view. Name, email and telephone number are already required when purchasing tickets online - and, depending on the ticket, a fingerprint is also required on site. The overall package is disproportionate for a mere visit to the park. The decisive factor: the operator was unable to prove that there are no milder, equally effective solutions.

What the penalty means - and what needs to happen now

The Loro Parque Group is a heavyweight in the Canary Islands: Zoo, Siam Park, luxurious Hotel Botanico and, on Gran Canaria, a large seawater aquarium. Nevertheless, data protection comes first for everyone. In addition to the 250,000 euro fine, the Spanish supervisory authority ordered corrections to the entry system. In other words: The finger setup must be removed or modified in such a way that privacy is maintained - and with real alternatives.

Are there alternatives? Yes - and several

• Photo check at the turnstile: A neutral face photo (without storage beyond the visit) is attached to the ticket on first entry.
• Wristband with one-time chip: Forgery-proof wristbands with a dynamic code that is deactivated when you leave.
• Digital tickets with changing QR codes: The code changes at short intervals - passing it on becomes unattractive.
• Identity check light: Random check of an ID document, without copy, without storage.
• Deposit model: Deposit wristband that is refunded on return - it is not worth passing it on.

What does this mean for visitors?

Good news: Going to the park should be easier and less invasive in future. No finger on the scanner, less gut feeling of "I'm giving away something very personal here". At the same time, the protection against misuse remains in place - just more user-friendly.

What does this mean for operators - also in Germany and Austria?

Less is more: only request data that is really necessary.

Biometrics is the last option, not the first. If at all, then voluntarily, with real choice without disadvantages.

Transparency counts: Clear information, short storage periods, easy deletion.

Verifiable comparison: Before biometric, check and document alternatives in writing.

An amusement park is not a high-security area.

Anyone who has to give their fingerprint for a slide has a gut feeling that is not misleading. Safety and fairness can also be achieved without personal data. The authorities have sent out an important signal here: convenience for the operator does not trump the privacy of guests.

If a park can only secure tickets with body data, it is not the technology that is smart, but the concept that is lazy. Biometrics belong where life and limb or truly critical infrastructures are at stake - not at the entrance to an attraction.