Retailers already have the technology to scan your face and track you, and they expect to not have to get your consent to do so. Should businesses should need permission to scan your face and retain your information? This past week, privacy advocates have given up and walked away from a 16-month-long effort to secure that standards are in place to protect consumers from retail facial scans.
The privacy advocates were attempting to ensure facial recognition scans didn’t harm consumers, and assure their privacy was protected. The nine major privacy groups said they had hit a dead end and that “people deserve more protection than they are likely to get in this forum.” The privacy groups, consisting of lawmakers and consumer advocates, were calling for retailers to secure permission from shoppers for the facial scans. The National Telecommunications and Information Administration (NTIA), an agency of the United States Department of Commerce, is acting as a mediator between retailers and privacy advocates, and also working to protect consumer interests.
The privacy groups maintain that businesses using this technology should get permission before scanning your face for identification. Once identified, the businesses track your purchases and buying habits, as well as gather information from any available database that has you listed — criminal histories and credit information, for example. On the other side, retailers want to use this data for marketing purposes, presenting consumers with special offers according their buying habits and purchasing power. They also want to identify potential criminals.
Alvaro Bedoya, a law professor at Georgetown University and leading privacy advocate, said that consumers should have to give permission by default before they could be scanned. After nearly a year and a half of negotiations, not one retailer was willing to move on the stance that no permission is necessary. One retailer argument is that people previously convicted of shoplifting would not give permission. Identifying potential shoplifters as they come in the door is one of the goals of businesses.
The NTIA thinks that progress has been made and will continue to negotiate to insure privacy standards are in place, albeit without the nine privacy advocate groups involved. NTIA spokeswoman Juliana Gruenwald urged the privacy groups to continue, stating “The process is the strongest when all interested parties participate and are willing to engage on all issues.”
“At a base minimum, people should be able to walk down a public street without fear that companies they’ve never heard of are tracking their every movement — and identifying them by name — using facial recognition technology,” the advocates said. “Unfortunately, we have been unable to obtain agreement even with that basic, specific premise.”
The biggest concern among privacy groups is use of the technology by retailers, including casinos, to target and profile people. So long as a company has an existing photo of “persons of interest,” from shoplifters to “your best customers,” staff can be sent an email or text alerting them of that person’s arrival.
Facebook has been using facial recognition for a few years now to identify and categorize pictures. It’s easy to see this data being shared among retailers and social media sites to target ads for users. Facebook already knows what products you look at online by scanning cookies from retailer websites, and use the results to bombard you with ads for the product you just looked at, or already purchased.
There is also the danger of the data being hacked. “You can change your password and your credit card number, but you cannot change your fingerprints or the precise dimensions of your face,” the privacy groups said in last week’s statement. “Through facial recognition, these immutable, physical facts can be used to identify you, remotely and in secret, without any recourse.” Privacy advocates maintain that the ability to categorize people by facial recognition, even if you don’t identify them by name, is particularly invasive.
Groups that issued the statement included the Center for Democracy and Technology, the Center for Digital Democracy, Consumer Federation of America, Common Sense Media, Electronic Frontier Foundation, American Civil Liberties Union, Consumer Action, Consumer Watchdog and the Center on Privacy & Technology at Georgetown University Law Center. The groups argue that businesses have little incentive to adopt privacy standards that protect consumers, and that congress should pass privacy legislation that applies to specific Technologies.
By Jimmy Rose