this post was submitted on 24 Feb 2024
373 points (98.4% liked)
Technology
59421 readers
2852 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
This seems like an over reaction by people who don't understand the technology or associated risks. Focus on the implementation not the tech. There is no indication that the vending machine is inappropriatly storing or transmitting personally identifiable information or that its making decisions based on biased data.
There is no indication that the vending machine was collecting customer biometrics. In fact that would prevent it from being GDPR compliant.
That's not true. They're likely using a model that identifies some demographic attribute and associating that with a purchase. It's 2024, this can all be done on the machine. The machine doesn't need to store the individuals data etc. If the vending is storing enough data to identify individuals then it wouldn't be GDPR compliant.
Consent is a requirement for GDPR compliance. They are likely taking an image from the camera, extracting semantic attributes from the image, and then discarding the image. The length of time the individual is standing there making the purchase is likely longer than the image is stored in memory while extracting the attributes.
I bet there is no button "consent to biometrics collection"
And it most definitely isn't. GDPR requires explicit consent for collecting OR processing personal information. As per the European Commission, just taking the picture and extracting some metrics off of it already counts as processing personal information:
https://commission.europa.eu/law/law-topic/data-protection/reform/what-constitutes-data-processing_en