7-Eleven Breached Customer Privacy by Collecting Facial Imagery Without Consent
upstart writes:
7-Eleven breached customer privacy by collecting facial imagery without consent:
In Australia, the country's information commissioner has found that 7-Eleven breached customers' privacy by collecting their sensitive biometric information without adequate notice or consent.
From June 2020 to August 2021, 7-Eleven conducted surveys that required customers to fill out information on tablets with built-in cameras. These tablets, which were installed in 700 stores, captured customers' facial images at two points during the survey-taking process -- when the individual first engaged with the tablet, and after they completed the survey.
After becoming aware of this activity in July last year, the Office of the Australian Information Commissioner (OAIC) commended an investigation into 7-Eleven's survey.
During the investigation [PDF], the OAIC found 7-Eleven stored the facial images on tablets for around 20 seconds before uploading them to a secure server hosted in Australia within the Microsoft Azure infrastructure. The facial images were then retained on the server, as an algorithmic representation, for seven days to allow 7-Eleven to identify and correct any issues, and reprocess survey responses, the convenience store giant claimed.
The facial images were uploaded to the server as algorithmic representations, or "faceprints", that were then compared with other faceprints to exclude responses that 7-Eleven believed may not be genuine.
7-Eleven also used the personal information to understand the demographic profile of customers who completed the survey, the OAIC said.
[...] 7-Eleven has also been ordered to destroy all the faceprints it collected.
Read more of this story at SoylentNews.