The British Columbia Privacy Commissioner determined that four Canadian Tire stores in BC violated BC privacy laws for their use of facial recognition technology.
The stores had cameras that collected images of customers entering the stores. The system compared those to a database of individuals “representing persons of interest who had allegedly been involved in incidents at Canadian Tire stores in the same region.”
The stores removed the systems and deleted the databases when the privacy investigation started in 2021.
The decision points out that 130 privacy authorities around the world have “expressed significant concerns” around facial recognition technology.
Consent for facial recognition
Problems in this instance included that the stores didn’t notify customers it was doing this and didn’t obtain consent. As well, they didn’t demonstrate that the use of the facial recognition tech was reasonably necessary.
There is a high threshold to pass to convince privacy commissioners that using facial recognition technology — or any biometric information for that matter — is necessary. In this decision, the Commissioner went so far as to recommend that the BC government amend existing laws regarding the use of biometric information.
The decision recommended that, “The stores should build and maintain robust privacy management programs that guide internal practices and contracted services.” The need for privacy management programs and privacy impact assessments is becoming more apparent. They will be required under the new CPPA which will replace the Federal PIPEDA legislation. Privacy compliance will require more than just a privacy policy.
David Canton is a business lawyer and trademark agent at Harrison Pensa with a practice focusing on technology, privacy law, technology companies and intellectual property. Connect with David on LinkedIn and Twitter.
Image credit: ©ChaoticDesignStudio – stock.adobe.com