Mercadona fined for facial recognition privacy violations

Occurred: July 2021

Spanish supermarket chain Mercadona's was fined EUR 2.5m by AEPD, the country's data protection regulator, for illegally collecting and processing childrens' and employees' biometric data. 

The stated aim of the programme was to detect known criminals and people with restraining orders issued against them for attacking Mercadona employees, with cameras equipped with facial recognition identifying relevant transgressors, who were then reported to the police.

AEPD ruled that Mercadona had failed to appreciate that its system processed sensitive data of anyone who entered its supermarkets, including childen and its own employees. 

The regulator also found that Mercadona had violated GDPR Article 12 and 13 transparency requirements, including the ability of those affected to complain or appeal.

Mercadona's facial recognition system was supplied by Israeli company AnyVision (now Oosto). Oosto also manufactures military drones equipped with facial recognition.

System 🤖

Operator: Mercadona
Developer: Oosto/AnyVision Interactive Technologies  
Country: Spain
Sector: Retail
Purpose: Detect criminals
Technology: Facial recognition
Issue: Privacy
Transparency: Marketing; Complaints/appeals

Legal, regulatory 👩🏼‍⚖️

Page info
Type: Incident
Published: November 2021