Happy Bar & Grill biometric surveillance tool development

Short summary of the incident using references.^[1] Usually 2-3 sentences that summarize the contents or the article. When writing the article, insert text in the space below this box, and then delete this tip box (and the other tip boxes below). In the visual editor, just click on a box and press backspace to delete it. In the source editor, simply delete the double curly brackets, and the text inside them.

Add your text below this box. Once this section is complete, delete this box by clicking on it and pressing backspace.

Background

Information about the product/service history to provide the necessary context surrounding the incident

Add your text below this box. Once this section is complete, delete this box by clicking on it and pressing backspace.

Happy Bar & Grill is a Bulgarian restaurant chain that implemented an AI facial recognition system developed by security vendor IP Biometrix.^[2] Marketed for "smile monitoring" of staff, the system uses existing security cameras for real-time facial recognition.

Incident

Change this section's title to be descriptive of the incident.

Impartial and complete description of the events, including actions taken by the company, and the timeline of the incident coming to the public's attention.

Add your text below this box. Once this section is complete, delete this box by clicking on it and pressing backspace.

IP Biometrix's portfolio page shows the system processes not only employees but also customers. A demonstration image displays a customer's face labeled "Subject 6053" with biometric attributes tracked including glasses, facial hair, and ethnicity.^[2] Patrons receive no visible signage at entrances or within dining areas informing them their facial biometrics are being captured, analyzed, or stored.

Under GDPR, facial recognition constitutes processing of biometric data—a "special category" requiring explicit consent or another valid legal basis (Article 9).^[3] Inferring ethnicity triggers additional restrictions as it reveals "racial or ethnic origin." The absence of transparent notice violates GDPR Articles 13–14, while processing customers' biometrics for staff performance monitoring lacks a proportionate legal basis under Articles 6 and 9.

Company's response

If applicable, add the proposed solution to the issues by the company.

Add your text below this box. Once this section is complete, delete this box by clicking on it and pressing backspace.

As of March 2026, Happy Bar & Grill has issued no public statement addressing biometric processing of customers. No privacy notices specific to AI cameras appear at restaurant entrances or on the company website.^[4] IP Biometrix continues to showcase the implementation without addressing transparency or consent requirements for customer processing.^[2]

Lawsuit

If applicable, add any information regarding litigation around the incident here.

Claims

Main claims of the suit.

Rebuttal

The response of the company or counterclaims.

Outcome

The outcome of the suit, if any.

Add your text below this box. Once this section is complete, delete this box by clicking on it and pressing backspace.

No lawsuits have been publicly reported as of March 2026. However, similar practices have faced regulatory action elsewhere in the EU: the Dutch DPA fined a shopping center €565,000 in 2023 for emotion recognition cameras processing customers' biometric data without valid legal basis.^[5]

Consumer response

Summary and key issues of prevailing sentiment from the consumers and commentators that can be documented via articles, emails to support, reviews and forum posts.

Add your text below this box. Once this section is complete, delete this box by clicking on it and pressing backspace.

Consumer awareness appears limited due to absent on-site notices. Affected customers may exercise GDPR rights by:

Submitting Subject Access Requests demanding all biometric data processed about them
Filing complaints with Bulgaria's Commission for Personal Data Protection^[6]
Requesting deletion of biometric templates under the right to erasure (Article 17)

References

↑ ref goes here
↑ ^2.0 ^2.1 ^2.2 "Разпознаване на лица за Happy Bar and Grill". IP Biometrix. Retrieved 4 March 2026. {{cite web}}: Check |archive-url= value (help)
↑ "Regulation (EU) 2016/679 (GDPR), Article 9". European Union. Retrieved 4 March 2026.
↑ "Privacy Policy". happy.bg. Retrieved 4 March 2026.
↑ "Dutch DPA fines shopping center for illegal use of cameras with emotion recognition". Dutch Data Protection Authority. 20 June 2023. Retrieved 4 March 2026.
↑ "Commission for Personal Data Protection". cpdp.bg. Retrieved 4 March 2026.

Add a category with the same name as the product, service, website, software, product line or company that this article is about.

The "Incidents" category is not needed.

Add your text below this box. Once this section is complete, delete this box by clicking on it and pressing backspace.

[1] ref goes here

[ip-biometrix-2] 2.0 ^2.1 ^2.2 "Разпознаване на лица за Happy Bar and Grill". IP Biometrix. Retrieved 4 March 2026. {{cite web}}: Check |archive-url= value (help)

[gdpr-article9-3] "Regulation (EU) 2016/679 (GDPR), Article 9". European Union. Retrieved 4 March 2026.

[happy-privacy-4] "Privacy Policy". happy.bg. Retrieved 4 March 2026.

[dutch-dpa-5] "Dutch DPA fines shopping center for illegal use of cameras with emotion recognition". Dutch Data Protection Authority. 20 June 2023. Retrieved 4 March 2026.

[cpdp-bg-6] "Commission for Personal Data Protection". cpdp.bg. Retrieved 4 March 2026.

[1]

[2]

[3]

[4]

[5]

[6]