OTTAWA -- Without customers’ knowledge, more than five million images of Canadian shoppers were collected through facial recognition software used by Cadillac Fairview, a parent company of malls across the country, according to an investigation by privacy officials.

The federal privacy commissioner reported Thursday that Cadillac Fairview contravened federal and provincial privacy laws by embedding cameras inside digital information kiosks at 12 shopping malls across Canada, and captured users’ images without their consent.

The facial recognition software installed in Cadillac Fairview’s “wayfinding” directories was called “Anonymous Video Analytics (AVA) and through cameras installed behind protective glass, was used in Canadian malls for a brief testing period in 2017 and then was in-use between May and July of 2018.

The software took temporary digital images of the faces of any individual within the field of view of the camera inside the directory and converted the images into biometric numerical representations of each face and used that information to compile demographic information about mall visitors.

According to the report, the technology was used in directories at the following locations:

  • CF Market Mall in Alberta
  • CF Chinook Centre in Alberta
  • CF Richmond Centre in British Columbia
  • CF Pacific Centre in British Columbia
  • CF Polo Park in Manitoba
  • CF Toronto Eaton Centre in Ontario
  • CF Sherway Gardens in Ontario
  • CF Lime Ridge in Ontario
  • CF Fairview Mall in Ontario
  • CF Markville Mall in Ontario
  • CF Galeries d’Anjou in Quebec
  • CF Carrefour Laval in Quebec

According to a statement from Privacy Commissioner of Canada Daniel Therrien, the company said the goal of its cameras was to “analyze the age and gender of shoppers and not to identify individuals.”

The corporation said that it did not collect personal information because the images were briefly looked at and then deleted, however the information generated from the images was being stored by a third-party contractor called Mappedin, which Cadillac Fairview said it was unaware of.

“When asked the purpose for such collection, Mappedin was unable to provide a response, indicating that the person responsible for programming the code no longer worked for the company,” reads the report.

Therrien notes in his report that Cadillac Fairview not being aware of Mappedin’s storage of the information “compounded the risk of potential use by unauthorized parties or, in the case of a data breach, by malicious actors.”

In an interview on CTV’s Power Play, Deputy Commissioner Brent Homan called it a “massive invasion of privacy” and not one that shoppers would have expected while at the mall. Homan said that one of the lessons Canadians should take away from this report is that facial recognition software is available for companies to use, and while they encourage entities to ask for consent before deploying it on the public, that’s not always the case. 

Cadillac Fairview—one of the largest owners and operators of retail and other properties in North America—“expressly disagreed” with the investigation’s findings, telling the commissioners that there were decals placed on shopping mall entry doors noting their privacy policy.

These stickers directed visitors to visit guest services to obtain a copy of the company’s privacy policy, but when the investigators asked a guest services employee at the Eaton location in Toronto, the employee was “confused by the request” and so Therrien found the stickers to be an “insufficient” measure.

“Shoppers had no reason to expect their image was being collected by an inconspicuous camera, or that it would be used, with facial recognition technology, for analysis,” said Therrien in a statement. “The lack of meaningful consent was particularly concerning given the sensitivity of biometric data, which is a unique and permanent characteristic of our body and a key to our identity.”

The investigation was launched in 2018, following several media reports about information kiosks in malls being equipped with unmarked cameras to monitor visitor demographics. Their examination in this case included visiting Cadillac Fairview’s Toronto headquarters to interview key personnel, viewing the AVA technology inside the wayfinding directories in action, and extracting records from the directories for forensic analysis.

The existence of the software came to light after a user posted an image to Reddit of a display screen at the CF Chinook Centre in Calgary showing coding language including “FaceEncoder” and “FaceAnalyzer.”

Commissioner Therrien’s office worked with Alberta Information and Privacy Commissioner Jill Clayton as well as the Information and Privacy Commissioner of British Columbia Michael McEvoy on the investigation.

“Not only must organizations be clear and up front when customers’ personal information is being collected, they must also have proper controls in place to know what their service providers are doing behind the scenes with that information,” Clayton said in a statement.

The trio of commissioners have expressed concern that the company hasn’t accepted their request to commit to ensuring meaningful and express consent is obtained from shoppers in the future should it choose to redeploy similar technology in the future.

In a statement provided to CTV News, Cadillac Fairview notes that the issue has been resolved, the data deleted, and the cameras have been deactivated. As well, the facial recognition software is no longer in use, but the company says it will not commit to its approach to “hypothetical future uses of similar technology.”

“The five million representations referenced in the OPC report are not faces. These are sequences of numbers the software uses to anonymously categorize the age range and gender of shoppers in the camera’s view,” the company said. “We thank the Privacy Commissioner for the report and recommendations on how to further strengthen our privacy practices and agree that the privacy of our visitors must always be a top priority.”