Rite Aid’s proposed biometrics ban would sideline it for 5 years

A proposed U.S. regulatory settlement between Rite Aid and the Federal Trade Commission would sideline the national pharmacy chain in facial recognition for five years.

The FTC has proposed a five-year ban on the use of face-scan surveillance at financially struggling Rite Aid.

The regulator alleges that the pharmacy chain has been “reckless” in how it searches for shoplifters using face recognition surveillance systems. Company executives deny wrongdoing in the proposed settlement. They also say Rite Aid stopped using the software more than three years ago, when a pilot ended.

The software is inaccurate and biased, according to the commission, and Rite Aid misrepresented how it managed the data collected.

Commissioners recommended operational requirements in addition to the ban, but some portion of them would likely to be moot as biometrics technology and policy rapidly evolve.

Executives in the second-tier health retailer would be relegated to watching at least one generation of face-scanning development come and go around them.

They also would learn from a remove the costly mistakes that are bound to be made by retailers deploying biometric surveillance over the five years. And executives will be spectators to new legislation and regulations as well as industry ethics debates.

The commissioners refer to their recommended steps as safeguards. The provisions face minor hurdles before they can be imposed.

Among the steps Rite Aid would be required to take, is the deletion of the algorithms used and the images collected.

The company would have to notify people when their biometric data is entered into a databased linked to a biometrics system. Notification would also be required when an action is taken against them based on an AI decision.

Rite Aid is in bankruptcy court right now, and it is likely that debtors want this matter ended quickly to move those proceedings along.

This isn’t the first time the pharmacy chain has found itself before the FTC, which issued a consent order to Rite Aid in 2010. The order can be viewed here on page 694.

The complaint then involved improper disposal of customer and employee data – allegedly in unsecured dumpsters. Biometrics were specifically mentions in the order along with other personally identifiable data.

Rite Aid was ordered to have its data security polices audited by an independent third party every two years for 20 years.

And in 2020, the company was accused of allegedly deploying face-matching software in a discriminatory fashion.

An investigation by Reuters reportedly found the company deployed the system more often in economically depressed areas populated primarily by minorities. Rite Aid had had a DeepCam system and FaceFirst face-matching code, as far back as 2012.

Article Topics

biometric bias  |  biometrics  |  facial recognition  |  FTC  |  regulation  |  video surveillance