Greg

I have in other sections of this thread. I don't want to copy and paste but I'm happy to answer any specific questions.

You pretend to care about consent and privacy and then mention my daughter by name here. You'll notice I share photos and details about my daughter from accounts on servers I control. There is an implicit agreement in the fediverse to respect people's privacy. I obviously don't rely on that implicit agreement because some people do unethical things as demonstrated in your post. I protect my daughter from legitimate online privacy and security threats, I don't play privacy and security theatre.

This vending machine is taking biometrics off of everyone who walks past

You have no evidence of this and there is no mention of this in the article. This also doesn't make any sense from an implementation perspective.

GDPR doesn’t apply in Canada unless you are trying to operate business in Europe.

You're correct that GDPR doesn't apply in Canada, it's just that GDPR is usually the strictest compliance so it's usual for companies to meet that compliance as a minimum.

Compliance only matters if you can’t afford a fine.

GDPR fines can be tied to global revenue.

When your beliefs don't align with the facts, consider changing your beliefs instead of doubling down on your opinions, making things up, and doing unethical things. Please try better.

This type of analysis is cheap nowadays. You could easily fit a model to extract demographics from an image on a Jetson Nano (basically a Raspberry Pi with a GPU). Models have gotten more efficient while hardware has also gotten cheaper.

Marketing is often targeted, especially online (which is a huge privacy issue). I would guess they are using the data from these vending machines to measure the success of their marketing campaigns.

Arguing that I have no concept of digital privacy because I choose to share my name and face is an ignorant statement and demonstrates how little you understand the concept of online privacy. For context, I work in tech in Canada, I deal with GDPR and other compliances. I understand the technology, the risks, and the attack vectors. These vending machines are not a serious threat to individuals privacy. Facebook, Google, Amazon, are serious threats. Focus your energy on the actual risks instead of making uninformed comments.