University vending machine error reveals use of secret facial recognition | A malfunctioning vending machine at a Canadian university has inadvertently revealed that a number of them have been usin…::Snack dispenser at University of Waterloo shows facial recognition message on screen despite no prior indication

  • Vanth@reddthat.com
    link
    fedilink
    English
    arrow-up
    15
    arrow-down
    1
    ·
    9 months ago

    If they’re taking enough data to determine age, gender, race, they’re taking enough data to uniquely identify individual people.

    • Greg Clarke@lemmy.ca
      link
      fedilink
      English
      arrow-up
      4
      arrow-down
      16
      ·
      9 months ago

      That’s not true. They’re likely using a model that identifies some demographic attribute and associating that with a purchase. It’s 2024, this can all be done on the machine. The machine doesn’t need to store the individuals data etc. If the vending is storing enough data to identify individuals then it wouldn’t be GDPR compliant.

      • Vanth@reddthat.com
        link
        fedilink
        English
        arrow-up
        7
        arrow-down
        1
        ·
        9 months ago

        I said collecting, as in taking photo/video closeup of faces and eyes. Whether they are storing and cataloguing against individual profiles is another question, and must be checked against how GDPR requirements are actually written about personal data being processed.

        “We’re GDPR compliant” means absolutely nothing coming from a company’s PR response to this sort of event.

        • Greg Clarke@lemmy.ca
          link
          fedilink
          English
          arrow-up
          2
          arrow-down
          8
          ·
          9 months ago

          Consent is a requirement for GDPR compliance. They are likely taking an image from the camera, extracting semantic attributes from the image, and then discarding the image. The length of time the individual is standing there making the purchase is likely longer than the image is stored in memory while extracting the attributes.

          • uis@lemm.ee
            link
            fedilink
            English
            arrow-up
            7
            arrow-down
            1
            ·
            9 months ago

            I bet there is no button “consent to biometrics collection”