In a landmark decision, the Federal Trade Commission (FTC) has barred retail giant Rite Aid from using facial recognition technology for surveillance purposes for a period of five years. The ruling settles FTC charges that Rite Aid had failed to establish adequate procedures and prevent potential harm to consumers through its use of facial recognition technology in hundreds of its stores.
The proposed order mandates Rite Aid to put into place comprehensive safeguards when deploying automated systems that leverage biometric data to track or identify individuals as potential security risks. If Rite Aid fails to manage potential risks to consumers, the company must discontinue the use of such technology.
The FTC’s decision comes in response to a complaint filed in federal court alleging that Rite Aid deployed AI-based facial recognition technology from 2012 to 2020 to identify customers suspected of shoplifting or engaging in other unlawful activities. However, the FTC charged that Rite Aid did not take reasonable measures to prevent harm to consumers, resulting in innocent individuals being falsely accused of wrongdoing due to erroneous matches by the facial recognition technology.
According to the FTC’s complaint, Rite Aid collaborated with two companies to create a database of images of individuals identified as “persons of interest” due to suspected criminal activity at Rite Aid locations. This database, which contained tens of thousands of images sourced from Rite Aid’s security cameras, employee phone cameras, and even news stories, was used to flag potential troublemakers.
However, this system reportedly generated thousands of false-positive matches. Customers were matched with individuals who had been flagged based on activities occurring thousands of miles away or were incorrectly identified at numerous stores nationwide.
The FTC also charged Rite Aid with violating a 2010 Commission data security order by failing to implement a comprehensive information security program. The 2010 order stipulated that Rite Aid should ensure its third-party service providers had appropriate safeguards to protect consumers’ personal data. The FTC alleges that Rite Aid conducted many security assessments of service providers orally and failed to maintain backup documentation for such assessments, including those deemed “high risk.”
In addition to the five-year ban on surveillance and biometric security systems, the proposed order also prohibits Rite Aid from misrepresenting its data security and privacy practices. The FTC hopes that this ruling will serve as a precedent and a cautionary tale for other companies considering the use of facial recognition technology without adequate safeguards in place.
The Commission unanimously voted 3-0 to authorize staff to file the complaint and the proposed stipulated order against Rite Aid, marking a significant step in the FTC’s ongoing efforts to protect consumer privacy and data security.
For the latest news on everything happening in Chester County and the surrounding area, be sure to follow MyChesCo on Google News and MSN.