Facial recognition in travel

Denmark’s copyright revolution and what it means for the industry

Industry specialisms28.08.20257 mins read

Key takeaways

Facial recognition makes travel easier

Quicker boarding and check-in for passengers.

Denmark introduces copyright for faces

Personal identity gains new legal protection.

Travel companies must prioritise data compliance

Non-compliance can lead to significant financial penalties.

Facial recognition in travel: Denmark’s copyright revolution and what it means for the industry

Facial recognition has moved beyond being a future development—it is rapidly becoming a defining feature of modern travel. From biometric boarding gates to keyless hotel check-ins, the technology offers speed, enhanced security and personalisation. But a legal revolution is quietly taking shape in Denmark that could redefine how travel companies use biometric data—and who truly owns your face.

Denmark’s bold proposal: copyright over identity

In a landmark move, Denmark is considering legislation that would grant individuals copyright-like control over their own likeness—defined as their face, voice and body, including how these are captured, reproduced or imitated digitally. This would apply to photographs, video and voice recordings and AI-generated content such as deepfakes or avatars.

Key aspects of the draft law include:

  • Individuals could claim ownership over their likeness.

  • They would gain the right to demand removal of unauthorised deepfakes or AI-generated representations.

  • Compensation could be sought where their likeness was misused, even if the misuse occurred through automated systems.

  • Platforms hosting such content could face steep fines if they fail to act, although satire and parody remain protected. The real scope of these exceptions will likely be tested in court.

This shift—from privacy to property—marks a significant change in how identity would be regulated. But it is not happening in isolation. Denmark is getting ready to assume the EU presidency, and its proposal could largely influence broader similar reforms across the EU bloc.

Why this matters for travel

The implications for the travel industry are significant. Facial recognition is increasingly embedded in passenger journeys—from airport security to border control and hotel access. If Denmark’s approach takes hold more broadly across Europe meaning identity becomes a form of intellectual property, airlines, airports, and hospitality providers will need to rethink how they collect, process, and reuse biometric data.

Consider the following scenarios:

  • A passenger’s facial scan is used to board a flight, but the same image is later reused in promotional materials without traveller’s explicit permission.

  • A hotel uses facial recognition to personalise services, but a guest objects to how their likeness is stored or shared.

  • A cruise line uses AI-generated avatars using passenger photos and triggering claims of unauthorised use.

Under Denmark’s model, these practices could clearly expose companies to legal claims. However, not just under data protection laws, but also under copyright-like frameworks.

The EU AI Act and UK guidance: tightening the net

Denmark’s initiative coincides with wider regulatory challenges. The EU Artificial Intelligence Act, adopted in March 2024, classifies biometric systems as “high-risk” and enforces strict obligations on providers and users, including: (i) Prohibition on real-time facial recognition in public areas, (ii) Mandatory human oversight and risk assessments before deployment, (iii) Extraterritorial reach—meaning non-EU companies serving EU citizens must also comply and (iv) Fines of up to €35 million or 7% of global annual turnover for non-compliance.

There is currently no general statutory regulation of AI in the UK. However, various areas of law touch on AI regulation in practice, including the General Data Protection Regulations. The UK Information Commissioner’s Office (ICO) has also issued detailed guidance on biometric recognition, emphasising lawfulness, fairness, and transparency. Additionally, in a statement dated 13th August 2025, the ICO clarified that data protection law, which provides that the use of any personal data must be lawful, fair and proportionate, applies to facial recognition technology. Particularly when used by the police, it must be deployed in a way that respects people’s rights and freedoms, with appropriate safeguards in place.

With the UK Border Force planning contactless entry via facial scans by 2026, scrutiny is set to increase. 

What travel companies should do now

To stay ahead of these developments, travel businesses should:

  1. Audit biometric systems to comply with GDPR, the EU AI Act and UK data protection rules.

  2. Review vendor contracts to ensure liability and data-sharing terms reflect new risks.

  3. Update consent mechanisms to meet transparency and fairness standards.

  4. Monitor cross-border legal changes, especially as Denmark’s model may nfluence EU-wide reform.

How Hill Dickinson can support

At Hill Dickinson, we combine legal insight with sector-specific expertise to help travel companies navigate the evolving biometric landscape. Our team advises on:

  • Regulatory compliance and risk assessments.

  • Contractual reviews and vendor due diligence.

  • Incident response and dispute resolution involving biometric data.

As the legal frontier shifts from privacy to ownership, we are here to help you future-proof your biometric strategy.

For further support, please contact Ezequiel T. Condoluci Santa Maria.

Your content, your way

Tell us what you'd like to hear more about.

Preference centre