A multi-city teahouse chain in India is coming under fire for its use of facial recognition to identify customers.
Ostensibly, the face scanning technology is used only in Chaayos’ loyalty program, enabling the teahouse chain to link enrolled customers’ payment accounts to their faces. But one unhappy customer – and editor of what the BBC describes as a media watchdog organization – Nikhil Pawha, set off a cascade of social media discussion when he tweeted that Chaayos staff took his picture without his consent, even though he wasn’t part of Chaayos’ loyalty program.
To make matters worse, Pawha discovered in Chaayos’ service agreement a warning that its customers “should not expect that personal information should always remain private”, as well as a notice that Chaayos may “disclose information to government authorities or competent authorities or credit bureaus or third persons”.
For its part, Chaayos has responded to the controversy on Twitter with assertions that the “Data from the facial recognition feature is encrypted & cannot be accessed by any party, including Chaayos itself except for the purpose of logging-in our customers”; and that “There is no third party sharing of the data for any purpose.”
These statements would seem to contradict the company’s own terms and conditions, with the latter presumably being the official, legal stance of the company.
The controversy helps to illustrate the risks of intrusive data collection in the private sector when there are no regulations in place concerning biometric data, as is the case in India. It is a mirror image of the situation in Illinois, the American state with the most stringent biometric privacy law, where a rapidly growing number of lawsuits cases have emerged over this same issue.
November 22, 2019 – by Alex Perala