OTTAWA -- Without customers鈥 knowledge, more than five million images of Canadian shoppers were collected through facial recognition software used by Cadillac Fairview, a parent company of malls across the country,
The federal privacy commissioner reported Thursday that Cadillac Fairview contravened federal and provincial privacy laws by embedding cameras inside digital information kiosks at 12 shopping malls across Canada, and captured users鈥 images without their consent.
The facial recognition software installed in Cadillac Fairview鈥檚 鈥渨ayfinding鈥 directories was called 鈥淎nonymous Video Analytics (AVA) and through cameras installed behind protective glass, was used in Canadian malls for a brief testing period in 2017 and then was in-use between May and July of 2018.
The software took temporary digital images of the faces of any individual within the field of view of the camera inside the directory and converted the images into biometric numerical representations of each face and used that information to compile demographic information about mall visitors.
According to the report, the technology was used in directories at the following locations:
- CF Market Mall in Alberta
- CF Chinook Centre in Alberta
- CF Richmond Centre in British Columbia
- CF Pacific Centre in British Columbia
- CF Polo Park in Manitoba
- CF Toronto Eaton Centre in Ontario
- CF Sherway Gardens in Ontario
- CF Lime Ridge in Ontario
- CF Fairview Mall in Ontario
- CF Markville Mall in Ontario
- CF Galeries d鈥橝njou in Quebec
- CF Carrefour Laval in Quebec
According to a statement from Privacy Commissioner of Canada Daniel Therrien, the company said the goal of its cameras was to 鈥渁nalyze the age and gender of shoppers and not to identify individuals.鈥
The corporation said that it did not collect personal information because the images were briefly looked at and then deleted, however the information generated from the images was being stored by a third-party contractor called Mappedin, which Cadillac Fairview said it was unaware of.
鈥淲hen asked the purpose for such collection, Mappedin was unable to provide a response, indicating that the person responsible for programming the code no longer worked for the company,鈥 reads the report.
Therrien notes in his report that Cadillac Fairview not being aware of Mappedin鈥檚 storage of the information 鈥渃ompounded the risk of potential use by unauthorized parties or, in the case of a data breach, by malicious actors.鈥
In an interview on CTV鈥檚 Power Play, Deputy Commissioner Brent Homan called it a 鈥渕assive invasion of privacy鈥 and not one that shoppers would have expected while at the mall. Homan said that one of the lessons Canadians should take away from this report is that facial recognition software is available for companies to use, and while they encourage entities to ask for consent before deploying it on the public, that鈥檚 not always the case.
Cadillac Fairview鈥攐ne of the largest owners and operators of retail and other properties in North America鈥斺渆xpressly disagreed鈥 with the investigation鈥檚 findings, telling the commissioners that there were decals placed on shopping mall entry doors noting their privacy policy.
These stickers directed visitors to visit guest services to obtain a copy of the company鈥檚 privacy policy, but when the investigators asked a guest services employee at the Eaton location in Toronto, the employee was 鈥渃onfused by the request鈥 and so Therrien found the stickers to be an 鈥渋nsufficient鈥 measure.
鈥淪hoppers had no reason to expect their image was being collected by an inconspicuous camera, or that it would be used, with facial recognition technology, for analysis,鈥 said Therrien in a statement. 鈥淭he lack of meaningful consent was particularly concerning given the sensitivity of biometric data, which is a unique and permanent characteristic of our body and a key to our identity.鈥
The investigation was launched in 2018, following several media reports about information kiosks in malls being equipped with unmarked cameras to monitor visitor demographics. Their examination in this case included visiting Cadillac Fairview鈥檚 Toronto headquarters to interview key personnel, viewing the AVA technology inside the wayfinding directories in action, and extracting records from the directories for forensic analysis.
The existence of the software came to light after a user posted an image to Reddit of a display screen at the CF Chinook Centre in Calgary showing coding language including 鈥淔aceEncoder鈥 and 鈥淔aceAnalyzer.鈥
Commissioner Therrien鈥檚 office worked with Alberta Information and Privacy Commissioner Jill Clayton as well as the Information and Privacy Commissioner of British Columbia Michael McEvoy on the investigation.
鈥淣ot only must organizations be clear and up front when customers鈥 personal information is being collected, they must also have proper controls in place to know what their service providers are doing behind the scenes with that information,鈥 Clayton said in a statement.
The trio of commissioners have expressed concern that the company hasn鈥檛 accepted their request to commit to ensuring meaningful and express consent is obtained from shoppers in the future should it choose to redeploy similar technology in the future.
In a statement provided to 麻豆影视, Cadillac Fairview notes that the issue has been resolved, the data deleted, and the cameras have been deactivated. As well, the facial recognition software is no longer in use, but the company says it will not commit to its approach to 鈥渉ypothetical future uses of similar technology.鈥
鈥淭he five million representations referenced in the OPC report are not faces. These are sequences of numbers the software uses to anonymously categorize the age range and gender of shoppers in the camera鈥檚 view,鈥 the company said. 鈥淲e thank the Privacy Commissioner for the report and recommendations on how to further strengthen our privacy practices and agree that the privacy of our visitors must always be a top priority.鈥
