FB pixel

Canadian shopping mall operator disables biometrics after data protection regulator report

| Chris Burt
Categories Biometrics News  |  Commercial Applications  |  Facial Recognition
 

facial-recognition-database

Shopping mall operator Cadillac Fairview used digital information kiosks at 12 malls across Canada to surreptitiously collect and use facial recognition on images of 5 million people without their consent, the country’s data regulator has declared.

The Office of the Privacy Commissioner of Canada, joined by data protection regulators in multiple provinces, made the announcement following an investigation into the Toronto-based company spurred by media reports.

The OPC found that biometrics were used to gather personal information, such as age and gender, and that while the images themselves were deleted, sensitive biometric data (templates) generated from them was stored in a third party’s centralized database. Further, Cadillac Fairview claimed ignorance of the database, which the regulators say compounds the risk of potential misuse by unauthorized entities, or malicious actors in the case of a data breach.

The joint investigation found that while Cadillac Fairview denied it had used the technology to identify individuals, and had referred shoppers to its privacy policy with stickers at mall entrances, the standard for meaningful consent had not been reached. The report also noted that video and audio data were captured and stored as part of a trial.

“Shoppers had no reason to expect their image was being collected by an inconspicuous camera, or that it would be used, with facial recognition technology, for analysis,” says Privacy Commissioner of Canada Daniel Therrien. “The lack of meaningful consent was particularly concerning given the sensitivity of biometric data, which is a unique and permanent characteristic of our body and a key to our identity.”

Cadillac Fairview has disabled the cameras in the displays, and has no plans to relaunch the technology, according to the announcement, but the company did not commit to ensuring express meaningful consent is obtained should it do so in the future, prompting concern from the Commissioners.

Article Topics

 |   |   |   |   |   |   |   |   | 

Latest Biometrics News

 

Will Scotland be the first nation to pass primary legislation covering live FRT?

The Scottish privacy commissioner continues to express consternation over the potential use of live facial recognition by Police Scotland. Meanwhile,…

 

France Identité app launches sandbox for iOS, proves age check privacy bona fides

France Identité, the French government’s mobile app for digital identity verification, has made its sandbox build available in iOS. Writing…

 

Digital ID success at scale hinges on tech, governance, adoption: IN Groupe

A study by French identity provider IN Groupe has established that digital identity systems succeed at scale only when countries…

 

New book makes case for DPI as fully integrated ecosystem

Digital development specialist Pedro Tavares has published a book that outlines how governments can successfully build digital states with digital…

 

Agentic AI pushes financial sector toward continuous identity

Agentic AI is forcing a rethink of identity and authentication in payments, as systems designed for human approval struggle to…

 

New Reality Defender Ethics Committee not mere theater, says CEO

“Most ethics committees are theater. This is not one of those.” So begins a new post from Reality Defender CEO…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Continue Reading

Biometric Market Analysis and Buyer's Guides

Most Viewed This Week

Featured Company

Learn More

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events