CONTINUE TO SITE »
or wait 15 seconds

Article

Biometric identification's unanswered questions for unattended retail

Government regulators are already placing restrictions on the use of biometric identification to protect consumer privacy. Future restrictions are possible unless technology providers find ways to address personal privacy.

Image courtesy of iStock

March 5, 2020 by Elliot Maras — Editor, Kiosk Marketplace & Vending Times

Editor's Note: This is part three in a three-part series on consumer privacy concerns about biometric identification.

Biometric identification holds a lot of promise for unattended retail, but the debate over what operators should do to protect customers' personal privacy has only begun. How soon the unattended retail industry will be able to use the technology's benefits, such as allowing customers to place and pay for orders in seconds, remains uncertain.

Most players in the unattended retail space recognize the benefits of fingerprint and facial recognition.

"We can provide better information to companies to understand who is doing/looking for what, and the best way to improve the customer expectation and experience, triggering advertisements, coupons in the screen, etc. or even analytical and demographic data," Marcos Fugulin, business development director of Apek International, a kiosk manufacturer, told this website in describing the benefits biometric identification promises unattended retail.

Biometric identification especially holds promise for making self-service technology easier for persons with disabilities, said Laura Boniello Miller, corporate business development manager at Vispero, an assistive technology provider for the visually impaired.

However, a pair of lawsuits against Compass Group USA by Illinois plaintiffs who claimed the company's vending machines improperly collected their biometric data, described in parts one and two of this series, demonstrates the challenges the industry faces in protecting customers' personal data.

Privacy questions seek answers

While self-service technology operators and providers were largely unfazed by these particular lawsuits, legal and technology observers interviewed for this article believe the industry needs to find better ways to protect consumers' personal privacy.

Maxine Most, a principal at Acuity Market Intelligence, an emerging technology strategy and research consultancy, had a personal experience that caused her to question how technology companies are managing biometric data.

Most enrolled in Clear, a service that allows airline passengers to be identified at airport kiosks using a fingerprint reader to save them from having to go through standard security. Most eventually canceled her Clear membership, and when she re-enrolled three years later, she was surprised to find that the company still had her biometric data on file. 

Most said it was "ridiculous" that her biometric data was still on file three years after she terminated her Clear membership.

"Technology precedes regulation, but the technology providers aren't thinking strategically long-term as far as what's going to constitute a viable way for biometrics to be used for authentication (and) identification, in a way that protects and preserves privacy in a way that secures the data," she said.

"Our PII (personally identifiable information) is sitting on hundreds of thousands of databases," she said. "The (technology) vendors just do not do a good enough job in creating technology that secures the storage and management of biometric data."

Miller of Vispero, who believes biometric identification can help the disabled, shared Most's privacy concerns, especially as they relate to disabled individuals.

"If personal data is being stored in any way, particularly biometric data, preferences that identify a person as disabled must be treated with as much care and security as other personal identifiable information," Miller said.

Stricter regulations ahead?

Stricter regulations on the use of biometric technology could be enacted, given the concerns some have raised over how the technology is being used by law enforcement, as well as questions around the inaccuracy of some of the technology.

A U.S. government audit found some facial recognition systems were 100 times more likely to be inaccurate in identifying black and Asian people than white people, according to a Feb. 23, 2020 article in The Wall Street Journal.

One possible solution

Most, of Acuity Market Intelligence, said an independent biometric identity service is needed to store and manage individuals' data. This would alleviate companies that collect the data from liabilities involved in storing it.

"I believe that the best approach would be to have an independent biometric identity service provider, so that individual companies do not have a liability of storing the biometric data," she said.

Facial regulation already restricted

Personal privacy laws governing facial recognition at the state level are already stricter than fingerprint recognition at the present time, according to Jeff Rosenthal, an attorney for Blank Rome LLP in Philadelphia, who has followed the subject.

The Washington Privacy Act, which was introduced by Washington legislators at the start of 2020, imposes stringent limitations on the use of facial recognition, Rosenthal told this website.

Companies classified as "controllers" under the law — those that determine the purposes and means of processing — must follow all of these guidelines:

  1. Conduct pre-deployment testing of its facial recognition technologies. 
  2. Provide notice when facial recognition technologies are deployed in areas that are open to the public. 
  3. Obtain consent from consumers prior to enrolling any images of consumers in a facial recognition service.
  4. Conduct periodic training for all individuals who operate or process data obtained from facial recognition technologies.

Companies classified as "processors" — those that process personal data on behalf of a controller — must follow all of these guidelines:

  1. Make application programming available to allow third parties to conduct testing of its facial recognition technologies.
  2. Provide notice that explains the capabilities and limitations of its services.
  3. Enter into written agreements that prohibit the use of its services to unlawfully discriminate against individuals or groups of consumers. 

What companies can do now

Rosenthal offered the following suggestions for companies incorporating facial recognition into their business activities:

First, he said companies should begin by ensuring they are being transparent about how they collect, use, store and dispose of "facial template data" — data measurements used to create a mathematical formula that is compared to the individual's face to confirm his or her identity. Next, Rosenthal said companies should provide advance notice to consumers about the use of facial recognition technology before acquiring any facial template data. 

The next step Rosenthal recommended is for companies to obtain consent from consumers before collecting any data derived from facial recognition technology. He said companies should obtain written consent from consumers whose data the company will collect, use and store — prior to capturing such data. Finally, he said that companies should implement effective data security safeguards to protect all data captured and stored through facial recognition technology from improper disclosure, access or acquisition.

About Elliot Maras

Elliot Maras is the editor of Kiosk Marketplace and Vending Times. He brings three decades covering unattended retail and commercial foodservice.

Related Media

Recent Posts
USConnect granted US patent for Theft Detective technology
United Food Group names Russ Law as sales manager
GameChanger Systems secures 2nd round of series A funding
EcoATM names Matt Furlong as CEO
Greenwood schools use vending machines to promote reading


©2025 Networld Media Group, LLC. All rights reserved.
b'S1-NEW'