Four locations of the automotive retailer chain Candian Tire in British Columbia (BC), Canada were said to have violated privacy laws by collecting biometric data from customers using facial recognition technology (FRT).
The province’s privacy watchdog said the stores collected customers’ biometric information between 2018 and 2021, contravening the Personal Information Protection Act (PIPA).
The investigation revealed that the businesses failed to establish a reasonable explanation for deploying FRT.
The stores in question also failed to get customers’ consent before using the FRT or provide proper notice that FRT was in use.
The OPIC contacted Canadian Tyre stores in BC following media reports that some outlets were utilising FRT to curb stealing.
The OPIC discovered that 12 stores were collecting biometric data. However, they removed their FRT systems and destroyed the associated personal information after the investigation began.
How well do you really know your competitors?
Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.
Thank you!
Your download email will arrive shortly
Not ready to buy yet? Download a free sample
We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form
By GlobalDataOPIC Commissioner Michael McEvoy said: “The biometric information captured by FRT systems – the precise and unique mathematical rendering of your face – is highly sensitive. Retailers, like the ones in this case, would have to present a highly compelling case to demonstrate such collection would be reasonable. The stores failed to do so in this case.”
The commissioner recommended that the retailers establish and maintain effective privacy management programmes.
McEvoy recommended that the the government “amend the Security Services Act or similar enactments to explicitly regulate the sale or installation of technologies that capture biometric information.”
He added that the government should also amend “the Personal Information Protection Act to create additional obligations for organisations that deploy biometric technologies, for example by requiring notification to the OIPC.”