Supermarket chain faces GDPR probe over facial recognition system

Spanish data regulator launches inquiry just four days after AI system's rollout

Spanish supermarket chain Mercadona is under investigation by the country’s data protection regulator over the use of a new facial recognition system in 40 of its stores.

The company introduced the AI-powered facial recognition system on 2 July in the cities of Zaragoza and Mallorca, as well as its home city of Valencia.

Advertisement - Article continues below

As reported by The Local es, the “early detection system”, as the company is calling it, is intended to detect people who have restraining orders issued against them preventing them from entering Mercadona shops or contacting members of staff, or who have been convicted of offences such as shoplifting.

When it rolled out the system, the company explained that no information on other customers will be stored and that footage is deleted after 0.3 seconds, or “in the blink of an eye."

It’s clear the supermarket believes these measures are enough to comply with GDPR, which came into force across the European Union in 2018. Biometric data, however, is regarded as a “special category” of personal data and is considered to be particularly sensitive, which affords it extra protections under the regulation.

In light of this, the Spanish Data Protection Agency (AEPD) launched an official investigation into the use of this technology last week, following reports in the media about it.

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

"Mercadona has provided the agency with some initial information about the facial recognition initiative in its establishments, and the AEPD has expressed reservations about its compliance with data protection regulations," a spokesperson told IT Pro."

"We are in the preliminary stages of the investigation, so are unable to give any further information about it," they added.

Mercadona, however, told Spanish newspaper El País on 6 July that it had “no record of a file being opened by the agency”, but that it had contacted the AEPD itself, sending “all the information about the project” to the regulator and acting with “total transparency”.

Related Resource

The IT Pro Podcast: Happy birthday GDPR

As GDPR turns two, we look back on its impact and how it’s changed data protection - if at all

Listen now

“We will continue to provide any information that is requested from us,” the company added.

The use of facial recognition software is increasingly controversial and is known to throw up false positives, particularly when the subject is female or has darker skin. In response to both this and potential privacy violations, some local authorities, notably in the UShave prohibited the use of facial recognition software.

Some technology companies have followed suit, with IBM announcing it has stopped working on commercial facial recognition AI altogether, while Amazon has put development on pause.

IT Pro has contacted both AEPD and Mercadona for comment but hadn’t received a response at the time of publication

Featured Resources

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Remote working 2020: Advantages and challenges

Discover how to overcome remote working challenges

Download now

Keep your data available with snapshot technology

Synology’s solution to your data protection problem

Download now

After the lockdown - reinventing the way your business works

Your guide to ensuring business continuity, no matter the crisis

Download now
Advertisement

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

4 Aug 2020
How do you build a great customer experience?
Sponsored

How do you build a great customer experience?

20 Jul 2020