Facial recognition scans a face as they use self checkout at a store.

Addressing Privacy, Compliance and Customer Experience in Retail

Just as it has with many other industries, digital transformation has been sweeping across the retail sector. IT systems have been helping to streamline some retail operations for years now, and more recent innovations have revolved around automating the shopping experience through the use of self-checkout kiosks and other self-service tools.

As more consumer data have been digitized and collected, stringent new privacy regulations have started to emerge. Laws such as General Data Protection Regulation (GDPR) and the California Consumer Privacy Act have been designed to protect consumer privacy, but even major global companies are finding themselves ensnared in privacy-focused lawsuits. McDonald’s, for example, is facing legal action under Illinois’ Biometric Information Privacy Act (BIPA), thanks to its voice recognition technology installations at select drive-throughs, and the popular retailer Macy’s is in court over its use of biometric security surveillance technology.

Fortunately, new tools are available to help retailers ensure that they are complying with privacy regulations and keeping their customer data safe. Chief among these tools is properly implemented facial biometrics, which can be used to confirm customer identity without collecting any more information than is necessary, keeping it in line with regulation compliance.

Age verification offers an excellent illustration of how this works in practice. If a customer has enrolled in face-based shopping in a grocery store, throwing a bottle of wine into the shopping basket won’t add any friction, or require the customer to divulge any extra personal information at the checkout. That’s because the POS terminal recognizes the customer immediately via facial recognition and can thereby verify the customer’s age by linking to their profile. There is no need to hand over a photo ID containing irrelevant Personally Identifiable Information (PII), such as home address, for age verification.

Indeed, while facial recognition has suffered from the perception that it is incompatible with privacy, a properly designed facial recognition system can actually help a business to go above and beyond the privacy protection standards of most regulations.

As detailed in HID Global’s new eBook, The Ultimate Retail Experience Starts With Facial Recognition, the right biometric system will protect privacy by adhering to three critical premises:

  • Options for opt-in and opt-out: It is entirely the customer’s decision to opt in, ensuring that the consent-based requirements of privacy regulations are fulfilled. Remote enrollment through an app is easy and fast, by only asking the user to submit a selfie and a picture of a government ID, the system precludes any doubt that the customer has willingly chosen to submit their data. It is also crucial that any database of customer information — biometric or otherwise — has the ability to allow customers to opt out.
  • Anonymous templates: While the biometric system ties a customer’s information to their face, the latter is stored as a biometric template that cannot be reverse-engineered. Even if a hacker could access it, the template could not be used to retrieve associated PII, rendering it worthless to the thief or any other malefactor.
  • Networkwide security: Applying database encryption to all stored data adds a powerful security layer to protect against data breaches. Using secure, encrypted end-to-end transmission between data points guards against man-in-the-middle cyberattacks in which communications are surreptitiously intercepted by a third party.

With these privacy-focused protections built into its foundation, a biometric system can actually serve to enhance customer privacy while delivering an innovative and convenient customer experience. There doesn’t have to be a tradeoff between customer convenience and regulatory compliance. With automated facial recognition technology, retailers can better serve and protect their customers while future-proofing compliance with privacy regulations.

Read HID Global’s new eBook, The Ultimate Retail Experience Starts With Facial Recognition to learn more about how this innovation can be leveraged to everyone’s benefit.