andreusK - stock.adobe.com

Supermarket facial recognition challenged by privacy group

Big Brother Watch’s legal challenge against Southern Co-op’s use of facial recognition claims the use of the technology in stores is ‘unlawful’ and ‘Orwellian in the extreme’

Privacy campaign group Big Brother Watch has filed a legal complaint against the Southern Co-op supermarket chain for its use of live facial recognition (LFR) in stores, marking the first legal challenge brought against a retailer for using the technology in the UK.

Southern Co-op, which currently operates LFR in 35 of its 200 stores across southern England, first announced it was using the technology in stores in October 2020, with loss prevention officer Gareth Lewis claiming in a blog post that it “has helped reduce theft in the stores where it is deployed”.

Lewis added that the LFR software, provided by London biometrics firm Facewatch, was initially trialled “in a select number of stores where there is a higher level of crime” before being rolled out more widely.

After scanning people’s faces with a single camera as they enter the store, the system converts the captured images into numerical data – or hashes – so that it can compare the faces against a pre-defined “watchlist” of people that the co-operative believes have stolen from its shops, or been violent.

According to a Southern Co-op spokesperson, the biggest instigator of violence against its employees is when they intervene after a theft has already taken place. To deal with this, an in-store employee receives a notification once the LFR system generates an alert, so they have time to decide what pre-emptive action to take, said the spokesperson.

This could include getting staff to approach the person identified with an offer of help, so they know they have been detected, or asking them to leave the premises.

“The safety of our colleagues and customers is paramount and this technology has made a significant difference to this in the limited number of high-risk locations where it is being used,” said the spokesperson. “Signage is on display in the relevant stores. As long as it continues to prevent violent attacks, then we believe its use is justified.

“The system does not store images of an individual unless they have been identified and evidenced as an offender, including those who have been banned/excluded.”

But Big Brother Watch director Silkie Carlo claimed Southern Co-op’s facial recognition surveillance is “Orwellian in the extreme, highly likely to be unlawful, and must be immediately stopped by the information commissioner,” adding: “This is a deeply unethical and, frankly, chilling way for any business to behave and I’d strongly recommend that people do not shop at the Southern Co-op while they continue to spy on their shoppers.”

In its legal complaint to the Information Commissioner’s Office (ICO), Big Brother Watch said Facewatch’s system is “highly invasive” in its processing of personal data, and that it enables retail outlets such as Southern Co-op “to create and enforce ad-hoc and dynamic blacklists of individuals they wish to exclude from their stores, or otherwise ‘intervene’ with”.

It added: “In practical terms, an individual can enter a Southern Co-op store and, unknown to them after their visit, be added by a member of staff to a watchlist containing allegations of ‘crime or disorder’, if that member of staff ‘reasonably suspects’ them.”

Big Brother Watch said that, upon becoming a ‘subject of interest’, the individual’s biometric profile can then be shared with Southern Co-op staff in others stores, as well as with staff members of any other Facewatch client within a certain radius of the first location.

“The ‘subject of interest’ may never know why this is happening or what they can do about it,” it said. “They will remain on the watchlist for two years, with no proactive steps by Facewatch to confirm whether Southern Co-op’s allegations have been confirmed or disproved by police action.

“The risks to data subjects’ rights and freedoms from this kind of processing are significant. As the Commissioner’s own guidance makes clear, the bar for such processing to be lawful is high, and Facewatch and Southern Co-op fail to meet that bar.”

According to data rights agency AWO, which is representing Big Brother Watch in its legal complaint, its analysis of the system suggests Facewatch and Southern Co-op are using LFR unlawfully.

For example, it claimed that although the organisations rely on there being a “substantial public interest” in their biometric data processing, there is little evidence to support this, and the information provided to shoppers and those on watchlists falls short of the General Data Protection Regulation’s (GDPR) transparency standards.

Read more about facial recognition technology

AWO’s analysis also found “real causes for concern about accuracy and safeguards in creating the watchlists and making interventions”, which could lead to biased and unfair outcomes.

“Facewatch and Southern Co-op are pushing, and may be exceeding, the boundaries of what the law allows for this novel and powerful technology,” said AWO. “Without action, there is a risk of a creeping rebalancing of power away from individuals and towards companies in our public spaces. This is what our data rights are for – they can give us a say in whether and how companies can use technology to exercise power over us. But that only works if those rights are enforced.”

AWO solicitor Alex Lawrence-Archer added: “This kind of high-risk biometric processing needs a strong justification, and it’s not at all clear that Facewatch and Southern Co-op meet that test.”

Other specific violations of UK data protection law that are alleged to have taken place include: that Southern Co-op’s poor signage, lack of staff training and incomplete information online fails to meet GDPR transparency requirements; that it processes more data than is necessary, in breach of the data minimisation principle; that significant risks of unfair bias in watchlist creation breaches the fairness principle; and that it does not meet Article 9 conditions to process special category data, because the processing is not necessary for crime prevention, and is not in the substantial public interest.

It is further claimed that Southern Co-op’s “legitimate interest” for the processing is overridden by the interests of data subjects.

Responding to various allegations against the organisation’s use of LFR, Southern Co-op said watchlist images of people identified and evidenced as offenders are held for a year, rather than two, and that all scanned images of shoppers, regardless of whether they are on a watchlist, are retained for three days in the event that a crime is subsequently detected.

In response to the claim that it is adding customers to watchlists with no due process, Southern Co-op countered that it has “extensive procedures in place to mitigate any risks, and work with our facial recognition technology provider to ensure the facial recognition system is secure and is GDPR compliant”.

A spokesperson added: “We would welcome any constructive feedback from the ICO as we take our responsibilities around the use of facial recognition extremely seriously and work hard to balance our customers’ rights with the need to protect our colleagues and customers from unacceptable violence and abuse.”

Computer Weekly contacted Facewatch about the legal challenge. It said facial recognition is lawful for the purpose of crime prevention if strict criteria are followed, and that the company operates in “full adherence” with the law.

A spokesperson said: “Retail clients come to Facewatch because they are experiencing significant levels of crime and theft, in addition to a dramatic rise in assault and abuse of their staff.

“Any privacy intrusion is minimal and proportionate. Facewatch is proven to be effective at crime prevention and our clients experience a significant reduction in crime by using Facewatch. There is no evidence that Facewatch prevents regular customers from shopping – there is clear evidence that it deters crime.”

The spokesperson added that Facewatch has been open and collaborative with the ICO, and that the company welcomes any further constructive feedback: “We work hard to balance our many retail clients’ customers rights with the need to protect their staff and customers from unacceptable violence and abuse across the UK.”

In May 2020, Facewatch announced that it had developed a “periocular” algorithm that allows its cameras to make identifications by scanning the area between a person’s cheekbones and eyebrows, and that the algorithm will be accessible to all existing licence holders under active maintenance, at no extra cost.

Facewatch is not the only company to have developed such algorithms, however. The onset of Covid-19 prompted a slew of biometric firms to update their facial-recognition technology to identify people wearing face masks.

Read more on Artificial intelligence, automation and robotics

CIO
Security
Networking
Data Center
Data Management
Close