University vending machine error reveals use of secret facial recognition | A malfunctioning vending machine at a Canadian university has inadvertently revealed that a number of them have been usin…::Snack dispenser at University of Waterloo shows facial recognition message on screen despite no prior indication
That’s not true. They’re likely using a model that identifies some demographic attribute and associating that with a purchase. It’s 2024, this can all be done on the machine. The machine doesn’t need to store the individuals data etc. If the vending is storing enough data to identify individuals then it wouldn’t be GDPR compliant.
deleted by creator
Consent is a requirement for GDPR compliance. They are likely taking an image from the camera, extracting semantic attributes from the image, and then discarding the image. The length of time the individual is standing there making the purchase is likely longer than the image is stored in memory while extracting the attributes.
And it most definitely isn’t. GDPR requires explicit consent for collecting OR processing personal information. As per the European Commission, just taking the picture and extracting some metrics off of it already counts as processing personal information:
https://commission.europa.eu/law/law-topic/data-protection/reform/what-constitutes-data-processing_en