545
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 26 Feb 2024
545 points (98.9% liked)
Technology
60090 readers
2636 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 2 years ago
MODERATORS
Their corporate website mentions that they use the data for marketing purposes. Whatever type of face they see - e.g. male or female, large or skinny, etc. - gets correlated with what was purchased, and then they sell that data for marketing purposes. Exactly like Google selling your search history, except with likely fewer restrictions in place.
Their website doesn't mention how often they get hacked to give away that data for free - to be clear, that data meaning A PICTURE OF YOUR ACTUAL FUCKING FACE. I don't know what resolution, or even what someone would do with it later, I am focusing here on the fact that the picture taking seems nonconsensual, especially for it to be stored in a database rather than simply used in the moment.
That's not how this works. The most likely use case is using a picture of your face, letting the algorithm run (which then finds out if you're male, female, roughly how old) and then they throw the picture away. The actual collected data is anonymous, so if they did that it might even be GDPR compliant in the EU (otherwise they'd break several laws).
There really is no value in having a picture of your actual face, it's just a lot of trouble in waiting.
They claim to be GPDR compliant, and while I am not an EUian I think if that claim is accurate, they can't be doing any of those things you mention.
My point is, even if we take them at their word that the facial recognition is benign, it was still a dumb choice.
GPDR only applies in the EU, and this happened in Canada. They may actually be GPDR compliant in europe, but have they stated whether they are following those laws where they aren't legally required to?
Most companies who sell worldwide won't bother developing one set of firmware which is GPDR compliant for the EU, and another set for the rest of the world, unless there was an explicit business reason to do so. So when they replied about this incident in Canada with their GPDR status, I thought it was implied that they had only one codebase which was GPDR compliant, and they ship it in Canada, not because they have to but because it's all they have.
The assumption is exactly what they are hoping for and the problem. They say they adhere to the GPDR, but not that they adhere to it everywhere, regardless of legal requirement. If they do adhere to its requirements everywhere, it would be an easy thing to state.
The article has comments from the manufacturer and the company that stocks the machine and both state that they dont take or store pictures, but are purposely vague about what data they so take and storing. I expect this is due to it still being a creepy level of information about their customer base that is another revenue stream they exploit.