Rite Aid has been banned by the Federal Trade Commission (FTC) from using facial recognition technology for surveillance purposes for five years. The retailer failed to implement proper procedures, resulting in false tagging of consumers as shoplifters. The FTC’s order aims to protect consumer rights and prevent further misuse of the technology. Rite Aid will be required to implement comprehensive safeguards and discontinue using the technology if potential risks to consumers cannot be controlled.
The FTC’s complaint states that Rite Aid deployed facial recognition technology from 2012 to 2020 without taking reasonable measures to prevent harm to consumers. This led to erroneous accusations and mistreatment of customers, particularly impacting women and people of color. The technology generated thousands of false-positive matches, often flagging innocent customers based on inaccurate data. Rite Aid collected tens of thousands of low-quality images from various sources to create a database of “persons of interest.”
In addition to the ban, Rite Aid will need to establish a robust information security program overseen by top executives. The company violated its 2010 data security order with the FTC by failing to implement a comprehensive information security program and adequately assess the security of its third-party service providers. The proposed order also requires Rite Aid to delete all images and photos collected through its facial recognition system, notify consumers when their biometric information is enrolled in a database, and investigate and respond to consumer complaints related to the technology.
The FTC’s ban highlights the importance of preventing the misuse of biometric information and signals the agency’s commitment to protecting the public from unfair surveillance practices and data security breaches. The order will go into effect after approval from the bankruptcy court and the federal district court, as well as modification of the 2010 order by the Commission.