The FTC Shows Its Dislike of Facial Recognition Technology
In May 2023, the FTC issued a warning that it would be closely monitoring the use of biometric information technology, including those powered by machine learning, because they raise significant consumer privacy and data security concerns and have the potential for bias and discrimination. On December 19, the FTC made good on its promise by settling a complaint against Rite Aid regarding its use of facial recognition technology to deter theft.
Rite Aid’s Use of Facial Recognition Technology
Rite Aid, one of the nation’s largest drugstore chains, has approximately 2,500 stores in 19 states. From 2012 to 2020 it used an artificial intelligence based facial recognition technology to identify customers who may have engaged in theft or other improper behavior.
The FTC alleged that Rite Aid committed numerous errors, which led to the facial recognition technology mistakenly identifying customers as shoplifters or troublemakers.
Guidance for Proper Usage
The list of Rite Aid’s missteps can be used as a roadmap for those who wish to use facial recognition or other artificial intelligence technologies while avoiding the wrath of the FTC:
- Determine if facial recognition technology poses potential risks to consumers by misidentifying them, or if there are heightened risks of identifying certain consumers because of their race or gender.
- Obtain information from the vendor providing the technology about the algorithms used by the technology and the extent to which these methods might increase the likelihood of false positives based upon race, ethnicity, gender, sex, or age.
- Determine the accuracy of the facial recognition technology before deploying it, including obtaining information from the vendor regarding the extent to which the technology has been tested for accuracy.
- Have written image quality standards to prevent the use of low-quality images in connection with facial recognition technology as low-quality images increase the likelihood of false positives.
- After deployment, regularly monitor the accuracy of the technology by tracking the rate of false positives and take action based upon those false positives.
- Train employees that operate the facial recognition technology that the technology could generate false positives. Make sure this training is monitored.
- Notify consumers that facial recognition technology is used on the premises and provide complaint procedure information to customers.
- Investigate and respond in writing to consumer complaints regarding the technology.
- Have a retention schedule so any information is deleted after a specific time, generally no more than five years.
- Implement a data security program specifically for the images and other personal information the facial recognition technology collects and stores.
Closing
The use of facial recognition technology will be inspected with a fine-toothed comb if the FTC ever has reason to review your use of this technology. In addition to the above tips, we recommend you review the program for compliance with applicable state and federal laws.
Disclaimer
This material is provided for informational purposes only. It is not intended to constitute legal advice nor does it create a client-lawyer relationship between Hall Booth Smith, P.C. and any recipient. Recipients should consult with counsel before taking any actions based on the information contained within this material. This material may be considered attorney advertising in some jurisdictions. Prior results do not guarantee a similar outcome.
Blog Overview
About the Author
Richard Sheinis
Partner | Charlotte Office
T: 980.859.0381
E: rsheinis@hallboothsmith.com
Richard Sheinis assists businesses in the areas of data privacy and cyber security, employment, and technology. He works with a wide variety of companies from small technology businesses to publicly traded companies with a global footprint.
Leave a comment
You must be logged in to post a comment.