` A Major U.S. Drugstore Chain Deployed Facial Recognition System in Its Stores - Clarip Privacy Blog

A Major U.S. Drugstore Chain Deployed Facial Recognition System in Its Stores

Drugstore Chain Deployed Facial Recognition System

According to a recent Reuters report, a drugstore chain Rite Aid deployed facial recognition system in over 200 of its stores across the United States over an eight-year period.   The company has recently stopped using the technology.

Although Rite Aid declined to reveal which locations used the technology, Reuters discovered facial recognition cameras at 33 of the 75 Rite Aid shops in Manhattan and Los Angeles between October of 2019 and July of this year.  The technology was also deployed in Philadelphia and Baltimore.   The company asserted that facial recognition was used to deter theft and protect customers and staff from violence.   The store cameras matched facial images of customers to pictures of those individuals previously observed engaging in potentially criminal activities.  The alert was then sent to security agents’ smartphones who reviewed the match for accuracy.

According to Reuters’s analysis, facial recognition was used primarily in lower-income and non-white neighborhoods.  This is particularly concerning as civil rights and privacy advocates have long pointed out that the current facial recognition technology has been shown to be less accurate on people of color, women, and other minority groups.  According to the report, one of the facial recognition systems used by the company often misidentified minority individuals.

Rite Aid claims that it apprised customers of the facial recognition technology through signage at the shops as well as in the written policy posted on the company’s website.  However, Reuters’s reporters found no notice of the surveillance in more than a third of the stores they visited with the facial recognition systems.

The use of facial recognition, and biometrics generally, is largely unregulated in the United States.  Most notable law is the Illinois Biometric Information Privacy Act which requires private entities to provide notice and obtain written consent before biometric information is collected, prohibits the sale of and restricts the overall disclosure of biometric information, and requires companies to follow a reasonable standard of care in storing, transmitting, and protecting biometric information from disclosure.  The laws in Texas and Washington similarly require consent before collection of the biometric information.  However, only the Illinois law provides a remedy of a private rights of action where company fails to obtain the required consent.

Ask Clarip today how we can solve your biggest privacy compliance pain points, Call Clarip at 1-888-252-5653

Show Buttons
Hide Buttons