Major League Baseball tested biometric ticketing at a handful of ballparks and plans to expand its use of fingerprint-based tickets across the nation in 2019.
MLB is partnering with biometric identification company Clear to switch from paper and mobile tickets to biometric identification. Once this initiative is put into use, baseball parks that utilize Clear and Ticket.com technology will give their fans the access that is as easy as a tap or swipe with their fingers to enter a game at the ballpark. They also will be able to use Clear’s biometric identity platform to pay for concessions.
So far, Clear technology has been installed in more than a dozen venues and the company has partnered with a lengthening list of pro teams, including the New York Yankees, Colorado Rockies, Seattle Mariners, New York Mets, Atlanta Braves, the Los Angeles Football Club, Oakland Athletics, San Jose Quakes and Madison Square Garden.
As part of a new mobile-ticketing policy, the Seattle Mariners announced their fans will no longer have access to its stadium with print-at-home tickets. Starting Mar. 23-24, at the Mariners FanFest, the fans will enter T-Mobile Park via their MLB Ballpark app on their phone.
Over half of all MLB teams have already made the switch to mobile-only ticket entry or are doing so this season, according to MLB.com. According to SportTechie, while the Mariners no longer accept cash at select points-of-sale, the Tampa Bay Rays will no longer take cash at all, inside Tropicana Field.
“Over 60 percent of all our single-game buyers, and many of our season ticket holders, are already opting for mobile delivery. The technology has evolved to the point where it is a fast, easy and secure way for fans to purchase, access and manage their tickets,” said Malcolm Rogel, Mariners VP of Ticket Operations and Event Services, according to MLB.com.
The technology can identify individuals using physical attributes such as fingerprints, retinas, voices, face recognition, hand geometry and DNA. A blog post from a security expert with Minerva Security, a British based fire and security system firm, M2SYS, states that the business system is much more secure and extremely efficient; it provides precise results and with minimal invasiveness since a simple scan is needed to activate the business system functionalities. Employers can scan employees’ biometrics to access company devices and to clock in and out of work. According to the Society for Human Resource Management, the most common form of biometric authentication used is fingerprint scanning, followed by facial recognition.
“The adoption of mobile ticketing has brought us to this point,” Noah Garden, MLB’s executive vice president of business, told FOX Business. “Getting into the stadium as seamlessly and expeditiously as possible is important to the fan experience. The last thing you want is a pile-up getting into the game. We want to achieve security measures at the same time as taking the fan experience to the next level.”
Consumers are familiar with or have been at least introduced to the idea of biometrics. For example, most cell phones have fingerprint and/or facial recognition features to unlock phones. Consumers are also familiar with fingerprint scanning through services by Clear that allow passengers to move through security lines at the airport.
The MLB-Clear partnership is the first time any major sports organization has collaborated to provide fans with a new identification technology. Although the league will not store the data itself, the general collection and use of fans’ biometric data raises privacy consideration questions. Furthermore, only three states have passed laws to protect biometric information.
Biometric data can be stored and reused, leading to violations of existing privacy laws. The current question is what happens with the data and how it relates to privacy rights.
In 2008, Illinois passed the Biometric Information Privacy Act in efforts to prohibit the collection of a person’s biometric information without his or her written consent. The law requires organizations that hold biometric identifiers or biometric information to inform individuals that their data is being collected, why it is being collected and how long it will be used and stored.
Washington and Texas passed similar legislation. Montana, Connecticut and New Hampshire have considered, but not yet passed, laws. Furthermore, Illinois’s BIPA is the only law that includes a private right of action for those aggrieved by a violation of the statue.
In a lawsuit, Rosenbach v Six Flags Entertainment Corp., against a Six Flags theme park, Stacy Rosenbach sued the park after her son was fingerprinted in order to access a season pass she purchased for him. Rosenbach fought that the park violated BIPA because it didn’t have her son’s written consent to be fingerprinted, or disclose what it does with the biometric data. The mother stated that her family had not been in any harm but argued that she wouldn’t have purchased the season pass for him had she known he would be fingerprinted.
The trial court rejected Six Flags’ argument that Rosenbach’s suit must fail because she did not allege any harm as a result of the allegedly illegal data collection. The court agreed to present to the appeals court the question of whether a person aggrieved by a violation of BIPA must result in some actual harm.
In 2017, the appeals court reversed the trial court’s decision, stating that a plaintiff must allege harm as a result of the alleged violation to maintain a claim, although the harm doesn’t need to be financial.
Rosenbach appealed to the Illinois Supreme Court on the narrow question of whether a party is an aggrieved party if the only injury is the data collection without disclosure and proper consent. The court answered with a yes, holding that an individual can be an aggrieved party, even without actual harm, where there is only an invasion of a legal right.
Although Illinois is the only state statute that gives consumers a right to sue for privacy violations, its application might not be restricted to the use and collection of data in that state. The question still stands as to where the data is stored and how it is being used.
As MLB expands and experiments with biometric identification across the country, with their large fan base, legal discussion will inevitably continue.
A team that appears to be on the opposite side of the spectrum is the Philadelphia Phillies, as the city of Philadelphia is instituting a ban on cashless stores and restaurants, effective this summer.
As the switch to cashless systems starting to become effective, different demographics in different areas could be effective, as lower-income demographics have limited access to credit and debit cards. Teams like the Rays and Mariners could impact which areas can access games.
Logan Huff is a senior journalism major at Arizona State University.