Fast food and beverage retail chain, Chaayos, has found itself in a midst of controversy after journalist and MediaNama founder, Nikhil Pahwa, uploaded a video on YouTube, showing that the company has deployed facial recognition systems at its outlets. While the company claims that the new technology will enable seamless payments and faster checkouts, privacy advocates are sounding the alarm bells at the new development.
. @Chaayos doing facial recognition instead of OTP. I took this video today.https://t.co/ecgOf56F2P
Issues:
1. No terms&conditions displayed
2. Consent isn't real when there's no opt out option
3. We don't know if chaayos will sell this data/gives itself the right toMore 👇
— Nikhil Pahwa (@nixxin) November 20, 2019
As is being pointed out by many on social media, not only is the company not seeking the explicit consent of customers before capturing their facial data, it is also not offering them an option to opt out of the invasive biometric process. However, what’s even more alarming is a paragraph from company’s T&C page that says it cannot guarantee the customer data would always remain private.
Love your chai @Chaayos, but bring back the phone number authentication.
Facial recognition is eerie & disturbing & should be opt-in.
The cashier at SDA refused to let me use my existing @Chaayos wallet balance unless I register my face. #chaiSurvelliance #dystopian
— Ankit (@ankitmalik) November 16, 2019
According to the company, “although Sunshine Teahouse (the holding company of Chaayos) is committed to protecting customer’s privacy, Sunshine Teahouse does not promise or guarantee the same and customer should not expect, that customer’s personal information should always remain private”. What that means is that the company may share your private data with any third-party for any reason at any given time without your consent.
However, the company denied some of those allegations in a statement to NDTV, saying: “Data from the facial recognition feature is encrypted and cannot be accessed by any party, including Chaayos itself except for the purpose of logging-in our customers. There is no third party sharing of the data for any purpose. And Chaayos does not use or process this information for any other purpose. Moreover, customers have the right to not opt in for facial recognition feature …”.
It’s not immediately clear when the technology was deployed, but a report from Inc42 seems to suggest that it started at least earlier this month. In a country with no norms for facial recognition and no strict privacy laws to speak of, biometric data can be a ticking time-bomb, as has already been proven by the torrent of leaks from the Aadhaar database. That being the case, it will be interesting to see how this controversy pans out going forward.
Featured Image Courtesy: D for Delhi
