← Blog
· 9 min read

Stadium Face-Entry Has Quietly Become the Default — Here's Who Has Your Face

In 2026, "scan your face to enter" is no longer a Saudi futurism stunt. It's MLB at Citizens Bank Park. It's Madison Square Garden using face matching to enforce personal grudges. It's the Bernabéu requiring a biometric check to get to your seat. Most ticket buyers don't realize they opted in.

If you've bought a ticket to a major-league baseball game in the last 18 months, a concert at a Live Nation amphitheater, or any event at Madison Square Garden, there's a non-trivial chance your face is already in a venue-operator face-matching database. None of these rollouts came with a press blitz. Most of them came with an opt-in checkbox buried three layers deep in a ticketing app that the average buyer scrolls past.

This piece is the actually-cited map of where face entry has been deployed at scale in 2026, who runs the matching, and what specifically you can do if you don't want your face stored by a private security contractor for the convenience of skipping a 90-second turnstile.

The big four deployments to know

MLB

Go-Ahead Entry

Major League Baseball's branded face-entry program. Live at multiple parks including Citizens Bank Park (Phillies), Nationals Park (Nationals), Minute Maid Park (Astros), and Citi Field (Mets). Opt-in via the MLB Ballpark app; once you enroll, your face is the ticket. Per MLB's own announcement, the program is expanding to additional parks each season.

MSG

Madison Square Garden Entertainment

MSG installed facial recognition across Madison Square Garden, Radio City Music Hall, and the Beacon Theatre. They used it to deny entry to lawyers whose firms had sued MSG-affiliated companies — including a Mom-and-Dad-night-out at Radio City — per extensive New York Times reporting. New York's State Liquor Authority subsequently moved to revoke MSG's liquor license over the practice; the standoff remains legally active.

La Liga

Real Madrid — Estadio Santiago Bernabéu

Following the Bernabéu's 2024 renovation, Real Madrid rolled out face entry across all general-admission turnstiles. The vendor is Veridas (Spanish biometric ID company). Season-ticket holders enroll once; subsequent matches happen at the gate. Veridas' own case study claims a sub-second verification time and "millions" of face matches per season.

NFL

Mercedes-Benz Stadium (Atlanta Falcons)

Mercedes-Benz Stadium partnered with CLEAR (yes, the airport-line company) to roll out face-recognition entry for general fans starting in 2024. CLEAR also operates face entry at Citi Field (NY Mets), LoanDepot Park (Miami Marlins), and several other MLB venues — distinct from MLB's own Go-Ahead Entry program. CLEAR enrollees can opt in to use their existing CLEAR identity at the gate.

The vendors doing the matching

Almost every stadium face-entry deployment runs on one of four vendors. Knowing which vendor your venue uses tells you who actually holds your face data:

  • Wicket — the most-deployed sports-venue vendor in North America. Powers MLB's Go-Ahead Entry, several college football programs (Ohio State, Notre Dame), and the Cleveland Browns. Wicket runs the face match on edge hardware at the venue; the company says embeddings are not retained server-side longer than the season.
  • Veridas — Spanish biometric company that's the EU standard. Powers Real Madrid's Bernabéu, Bayern Munich's Allianz Arena, Atlético Madrid, and Boca Juniors. Veridas claims compliance with GDPR's biometric-data rules; the actual implementation stores templates on Veridas servers in the EU.
  • CLEAR — the same airport-line company. Used at Mercedes-Benz Stadium, Citi Field, LoanDepot Park, Coors Field, and others. Critically: CLEAR uses the SAME face template you enrolled for TSA airport access. One enrollment, multiple venues, including the federal one.
  • Custom MSG Entertainment system — MSG operates its own stack rather than using a third-party vendor. Per their Times-reported deployment, the system runs against a custom-curated "Persons of Interest" list that includes attorneys at firms litigating against MSG, in addition to the standard banned-fan list.

The pattern: opt-in that's hard to opt out of

All four major deployments above (CLEAR, Wicket, Veridas, MSG) are technically opt-in for face enrollment. The catch is the friction:

  • Enrollment prompts at point of ticket purchase with a default of "Enroll for fastest entry" pre-selected. Skipping requires noticing the toggle in the app.
  • The face line is the short line. At Citizens Bank Park, face-entry lanes process fans in roughly 1 second per person; traditional ticket-scan lanes are 8–12 seconds. The difference is enough that families with kids and middle-aged season-ticket holders self-select into enrollment to avoid the wait.
  • "You may be photographed by perimeter cameras" notice on the ticket — which is true regardless of whether you enrolled. The on-site cameras capture every face that crosses the turnstile area whether or not that face was previously enrolled, for "security and incident response" purposes. MSG's deployment in particular runs every captured face against the banned-persons list whether or not the face was enrolled by the visitor.
  • MSG's case is especially aggressive: the Times reporting confirmed that lawyer-targets had their faces matched on entry without their knowledge, after MSG scraped their public bar-association photos to build the "Persons of Interest" list. Enrollment was not required for the system to act against them.
Practical takeaway: at most venues you can refuse face enrollment and still get in via traditional scan. You cannot refuse to be photographed by the perimeter cameras. If a venue operator has a reason to want a database of your face (a lawsuit, a grudge, a security concern), they can build one without your enrollment.

The legal pushback (and why it isn't stopping the rollout)

  • MSG vs. New York State Liquor Authority. Following the 2022 lawyer-ban stories, the NY SLA opened proceedings to revoke MSG's liquor licenses, on the basis that NY law prohibits venues from "refusing admission" to ticket holders. The case has been in active litigation since 2023 with multiple court rulings on both sides. NYT background.
  • BIPA (Illinois Biometric Information Privacy Act) exposure for any venue in Illinois that captures biometric templates without written consent. Wicket-powered United Center (Chicago Bulls / Blackhawks) is structured around explicit BIPA-compliant enrollment for this reason — and that compliance overhead is why face entry has rolled out more slowly in Illinois than other states.
  • EU GDPR Article 9 (special-category biometric data). Real Madrid's Bernabéu rollout had to satisfy Spanish DPA review before launch. The Spanish AEPD published a formal opinion permitting the deployment with specific conditions: explicit opt-in, template stored only by Real Madrid (not Veridas long-term), deletion-on-request workflow.
  • California's CCPA + CPRA classify facial geometry as sensitive personal information. Any face-entry venue in California (Dodgers Stadium, SoFi, Crypto.com Arena) must offer a "limit use" toggle. None of the major-league venues advertise this prominently, but the right exists.

None of this has slowed the deployment curve. New stadium projects (Tennessee Titans 2027, Buffalo Bills 2026, Las Vegas A's 2028) are all being designed with face entry as the primary access flow and traditional scan as the fallback. The asymmetry — millions in saved labor cost vs. occasional eight-figure fines — works in the venues' favor for the same reason it works for the face-search engines themselves.

What to actually do if you don't want your face stored

  1. Don't enroll in the app prompt. The default-on "Enroll for fastest entry" toggle at ticket purchase is your one-tap opt-out — just turn it off. You'll wait an extra 10 seconds at the turnstile.
  2. Don't enroll in CLEAR specifically. CLEAR's stadium face entry uses the same template as their TSA enrollment. If you've already enrolled with CLEAR for airport lines, your face is already in the venue-matching system at every CLEAR-partnered stadium whether you knew it or not. Deleting your CLEAR account (CLEAR support → Delete Member account) removes the template from both contexts.
  3. Use the venue's deletion-on-request workflow if you previously enrolled. Wicket-deployed venues honor MLB's standard "Delete my Go-Ahead Entry enrollment" toggle in the Ballpark app. Veridas-deployed EU venues have a GDPR-mandated deletion request form. MSG... is more complicated; deletion requests are handled per their published privacy policy and may require written follow-up.
  4. Cover up at the turnstile, knowing it usually doesn't work. Sunglasses and hats degrade match accuracy but rarely defeat it (see our 2026 anti-recognition guide). Masks work better but are conspicuous and at some venues actively prohibited.
  5. If you're in California, BIPA-state, or EU, exercise the data-subject-deletion right explicitly. The venues are obligated to comply within statutory windows (45 days CCPA, 30 days GDPR).

The longer-term concern

Each individual deployment is "just" one venue, "just" opt-in, "just" stored for "just" a season. The aggregate is something different: by 2027, an adult who attends three professional sporting events and one major concert per year in the United States will have their face template enrolled in 4+ independent commercial databases — Wicket, CLEAR, Veridas, MSG, and one or two newer entrants. None of those databases are required to share with each other today. Several of them already partner with the others on backend identity verification. The legal architecture that would prevent silent cross-database matching does not exist anywhere in the US.

The reason this isn't a bigger story is that each individual transaction feels frictionless. The venue makes entry faster; the user gives up a face template they assume is "just used at this one place." It's the same dynamic that made face-search engines normal in the first place.

Removing your face from facial-recognition engines doesn't remove you from stadium databases — but it does remove the easiest input to them.

Wicket, Veridas, and CLEAR enroll you from a photo you provide. The reason MSG could build a "Persons of Interest" list from bar-association headshots in the first place is that those headshots were also in PimEyes, FaceCheck.ID, and Lenso.ai — the same engines we file removals against. Tighten the consumer-engine exposure and you raise the cost of every downstream venue-level match attempt.

Start your removals →

Sources: MLB Go-Ahead Entry rollout announcement; New York Times reporting on MSG's facial-recognition bans; Veridas case study on Real Madrid Bernabéu; Spanish AEPD opinion on the Bernabéu deployment; Wicket, CLEAR, and Veridas vendor sites.