Chaayos has rolled out facial recognition software at its outlets to register customers for their loyalty program. Customers complained that their facial data was collected without asking for consent or even being offered an opportunity to opt-out. Most of them were clueless about exactly what this data would be used for.
The idea behind rolling out such a software is that generation of an OTP or One-Time Password while registering users for their loyalty program is cumbersome but is it that a valid justification for collecting such sensitive private data?
Overall, the usage of facial recognition software by a tea serving company seems extremely illogical, unnecessary and disproportionate to the service that is being provided. Why can’t I get a cup of tea without having my biometric data being collected? The common consciousness should shun this move in the name of protection of our privacy. Normalizing facial recognition would mean normalizing surveillance which is a direct violation of our fundamental right of privacy.
It is important that we understand the risks involved, when technology is being sold to us in the name of convenience. Our country still does not have adequate laws to provide safeguards against the misuse of such private data. Defending its move, Chaayos was seen releasing a statement clarifying that they were extremely conscious of their customer’s privacy and the facial recognition software was only being tested at select cafes.
It should be noted here that our Government is yet to roll out a nationwide data protection law. A bill is rumoured to be introduced in the next winter session of the Parliament in December. Privacy concerns are a serious issue in this Internet age which is witnessing a rapid rise in artificial intelligence and cloud computing.
The Supreme Court in the case of Justice K S Puttaswamy (Retd.) & Anr. v. Union of India & Ors. (more commonly known as the Aadhar Judgment of 2017) said that, “In today’s digital age, the right to privacy is ‘the cornerstone that safeguards who we are and supports our on-going struggle to maintain our autonomy and self-determination in the face of increasing state power.’ The proliferation of biometric technology has facilitated the invasion of individual privacy at an unprecedented scale. The raw information at the heart of biometrics is personal by its very nature.
Biometric technology is unique in the sense that it uses part of the human body or behaviour as the basis of authentication or identification and is therefore intimately connected to the individual concerned.
Firstly, the ability to control personal information about oneself is closely related to the dignity of the individual, self- respect and sense of personhood. Secondly, there is a sense of physical privacy that transcends the purely physical part and is aimed essentially at protecting the dignity of the human person. It is a safeguard against intrusions into persons’ physical bodies and spaces.
Another issue is of property rights with respect to privacy, which concerns the appropriation and ownership of interests in human personality. In many jurisdictions, the basis of informational privacy is the notion that all information about an individual is in some fundamental way their own property, and it is theirs to communicate or retain as they deem fit.
The collection of most forms of biometric data requires some infringement of the data subject’s personal space.”