The Dutch Data Protection Authority (DPA) has issued a formal warning to a supermarket for its use of facial recognition technology. Although the facial recognition technology has been disabled since December 2019, the supermarket wished to turn it back on.
Facial recognition technology uses biometric data to identify people. The use of facial recognition for security is prohibited in all but two situations.
The first is if the people have given explicit consent for their data to be processed. Here, although the owner of the supermarket claims customers had been warned that the store used facial recognition technology, the customers did not give explicit consent for this.
The other exception is if facial recognition technology is necessary for authentication or security purposes, but only in so far as substantial public interest is concerned. The supermarket claims that this is the case. The DPA considers that it is not.