Canadian Tire covertly uses facial recognition to collect customer data

Canadian Tire came under fire from British Colombia's privacy commissioner for illegally operating facial recognition technology in four of its stores in the province. 

The company used AxxonSoft and FaceFirst systems to collect facial images and videos of people entering Canadian Tire stores, created biometric templates, and compared them to a database of previously collected photos and biometric templates representing people of interest who had allegedly been involved in incidents at Canadian Tire stores in the same region.

The commissioner singled out (pdf) the retailer's failure to properly notify customers of its use of the technology or obtain consent to collect and use their personal data. It also said that even if the stores had obtained consent, they were required to demonstrate a reasonable purpose for collection and use, which Canadian Tire had also failed to do. 

Canadian Tire removed the systems in British Colombia and destroyed the data when notified that it was under investigation, the regulator said. The company was ordered to create and maintain a robust data privacy management programme.