FB pixel

Canadian shopping mall operator disables biometrics after data protection regulator report



Shopping mall operator Cadillac Fairview used digital information kiosks at 12 malls across Canada to surreptitiously collect and use facial recognition on images of 5 million people without their consent, the country’s data regulator has declared.

The Office of the Privacy Commissioner of Canada, joined by data protection regulators in multiple provinces, made the announcement following an investigation into the Toronto-based company spurred by media reports.

The OPC found that biometrics were used to gather personal information, such as age and gender, and that while the images themselves were deleted, sensitive biometric data (templates) generated from them was stored in a third party’s centralized database. Further, Cadillac Fairview claimed ignorance of the database, which the regulators say compounds the risk of potential misuse by unauthorized entities, or malicious actors in the case of a data breach.

The joint investigation found that while Cadillac Fairview denied it had used the technology to identify individuals, and had referred shoppers to its privacy policy with stickers at mall entrances, the standard for meaningful consent had not been reached. The report also noted that video and audio data were captured and stored as part of a trial.

“Shoppers had no reason to expect their image was being collected by an inconspicuous camera, or that it would be used, with facial recognition technology, for analysis,” says Privacy Commissioner of Canada Daniel Therrien. “The lack of meaningful consent was particularly concerning given the sensitivity of biometric data, which is a unique and permanent characteristic of our body and a key to our identity.”

Cadillac Fairview has disabled the cameras in the displays, and has no plans to relaunch the technology, according to the announcement, but the company did not commit to ensuring express meaningful consent is obtained should it do so in the future, prompting concern from the Commissioners.

Article Topics

 |   |   |   |   |   |   |   |   | 

Latest Biometrics News


Real-time remote biometrics banned in EU with final green light for AI Act

The European Union’s Artificial Intelligence Act received a final green light allowing it to become the world’s first major regulation…


Ethiopian capital Addis Ababa unveiled as host of 2025 ID4Africa AGM

It’s not only the case with sporting events like the FIFA World Cup, or the Olympic Games. The host of…


Ryanair accused of GDPR violations with biometric passenger verification

Travel policy advocacy group eu travel tech has lodged a formal complaint with the French and Belgian Data Protection Authorities…


Police in US cities that ban facial recognition asking others to do it for them

A major report in the Washington Post has found that law enforcement officers in U.S. several cities where facial recognition…


European Union Digital Identity Regulation takes effect

The European Union Digital Identity (EUDI) Regulation entered into force on Monday meaning that Member States will be required to…


Real-world insight into building impactful digital ID programs at ID4Africa Day 2

Executives of digital ID and biometrics companies took the front seat on Day 2 of the ID4Africa annual general meeting…


Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events