Content Assessment: Facial Recognition Technology Use Warning for Dutch Supermarket
Information - 90%
Insight - 90%
Relevance - 90%
Objectivity - 95%
Authority - 95%
A short percentage-based assessment of the qualitative benefit of the recent post highlighting the recent Dutch Data Protection Authority warning regarding the use of facial recognition technology.
Dutch DPA issues Formal Warning to a Supermarket for its use of Facial Recognition Technology
The Dutch Data Protection Authority (DPA) has issued a formal warning to a supermarket for its use of facial recognition technology. Although the facial recognition technology has been disabled since December 2019, the supermarket wished to turn it back on.
The supermarket claims that it used facial recognition technology to protect its customers and staff and to prevent shoplifting. The technology was connected to cameras at the store’s entrance.
The technology scanned the face of everyone who entered the store and compared it to a database of people who had been banned from entering stores. The faces of people who had not been banned were deleted after several seconds.
Following reports in the media, on 6 December 2019, the DPA requested information from the owner of the supermarket. On 8 December 2019, the supermarket disabled the facial recognition technology. The owner indicated in documents provided to the DPA, however, that he wished to turn it back on.
Ban on facial recognition technology
‘It’s unacceptable for this supermarket – or any other store in the Netherlands – to just start using facial recognition technology,’ says Monique Verdier, deputy chairperson of the DPA. ‘Use of such technology outside of the home is banned in nearly all cases. And that’s for good reason.’
Walking bar codes
‘Facial recognition makes us all walking bar codes,’ explains Verdier. ‘Your face is scanned every time you enter a store, a stadium or an arena that uses this technology. And it’s done without your consent. By putting your face through a search engine, there is a possibility that your face could be linked to your name and other personal data. This could be done by cross-checking your face with your social media profile, for example.’
‘The technology can then decide what to do with the information: Are you suspected of something? Are you of interest as a customer? Is there value in monitoring your purchasing behavior and creating a profile for you? If we have cameras with facial recognition technology everywhere, everything and all of us can be continuously monitored.’
Facial recognition technology uses biometric data to identify people. The use of facial recognition for security is prohibited in all but two situations.
The first is if the people have given explicit consent for their data to be processed. Here, although the owner of the supermarket claims customers had been warned that the store used facial recognition technology, the customers did not give explicit consent for this.
‘The presumption that silence equals approval does not work here,’ says Verdier. ‘Simply entering the supermarket doesn’t count as giving consent.’
The other exception is if facial recognition technology is necessary for authentication or security purposes, but only in so far as substantial public interest is concerned. The supermarket claims that this is the case. The DPA considers that it is not.
‘The only example that the law gives is for the security of a nuclear power plant,’ explains Verdier. ‘The bar is therefore very high. Preventing shoplifting is of a completely different magnitude than preventing a nuclear disaster.’
For further information, please contact the Dutch DPA: https://autoriteitpersoonsgegevens.nl/nl
Read the original release via the European Data Protection Board
- An EDPB Update: Guidelines on Examples Regarding Data Breach Notification
- The Age of Consent? European Data Protection Board Guidelines on Consent Under the GDPR
Have a Request?
If you have information or offering requests that you would like to ask us about, please let us know and we will make our response to you a priority.
ComplexDiscovery is a premier online publication renowned for providing essential insights and intelligence in the realms of cybersecurity, information governance, and legal discovery to professionals navigating these fields. As a leading source of information, the publication expertly combines original research with aggregated news to cater to a highly specialized audience. Committed to enhancing readers’ understanding of relevant topics, ComplexDiscovery stands as an impartial and comprehensive resource for exploring trends, technologies, and services associated with electronically stored information.
The driving force behind this influential publication is ComplexDiscovery OÜ, a technology marketing firm that excels in strategic planning and tactical execution for organizations operating within these sectors. Registered as a private limited company in Estonia, a global leader in digital advancements, ComplexDiscovery OÜ dedicates its primary focus to supporting the publication. The company capitalizes on its virtual presence to provide marketing consulting and services to a diverse array of clients around the world, further solidifying its reputation as a leading voice in the eDiscovery ecosystem.