A malfunctioning vending machine at a Canadian university has inadvertently revealed that a number of them have been using facial recognition technology in secret.
Earlier this month, a snack dispenser at the University of Waterloo showed an error message – Invenda.Vending.FacialRecognition.App.exe – on the screen.
There was no prior indication that the machine was using the technology, nor that a camera was monitoring student movement and purchases. Users were not asked for permission for their faces to be scanned or analysed.
“We wouldn’t have known if it weren’t for the application error. There’s no warning here,” River Stanley, who reported on the discovery for the university’s newspaper, told CTV News.
Invenda, the company that produces the machines, advertises its use of “demographic detection software”, which it says can determine gender and age of customers. It claims the technology is compliant with GDPR, the European Union’s privacy standards, but it is unclear whether it meets Canadian equivalents.
In April, the national retailer Canadian Tire ran afoul of privacy laws in British Columbia after it used facial recognition technology without notifying customers. The government’s privacy commissioner said that even if the stores had obtained permission, the company failed to show a reasonable purpose for collecting facial information.
The University of Waterloo pledged in a statement to remove the Invenda machines “as soon as possible”, and that in the interim, it had “asked that the software be disabled”.
In the meantime, students at the Ontario university responded by covering the hole that they believe houses the camera with gum and paper.