The video surveillance and security space is one such sector that continues to outpace government regulation, particularly when it comes to technology like facial recognition and artificial intelligence. The ability to recognize and track the activity of individual people is far ahead of what any regulatory agency expected, which has created blue ocean opportunities for AI startups. Of course, regulation will eventually catch-up and challenge the businesses built around this relatively unrestricted space. Just recently we have begun to see real world cases arise that have government agencies questioning the use of such technology and its impact on the general public.
Earlier this year, one of Canada’s largest mall companies was caught using facial recognition technology. One of the computers that run the digital help kiosks had crashed and an error message indicated an issue with the facial recognition software. A visitor to the mall took a picture of the message and posted it on Reddit. It didn’t take long before the media picked up on the photo and several news stories reported on it questioning the secret use of facial recognition and its impact on customer privacy. Federal and provincial privacy commissioners are investigating the incident and the mall owner (who admitted to using facial recognition in other facilities) has announced that they are ending the use of the technology.
What is particularly interesting about this case is that there is no clear regulation around the use of such technology. Surveillance cameras are allowed within the mall, and while facial recognition was secretly in use on cameras hidden within the kiosks, it could just have easily run on other cameras within the facility. The mall explained that they were simply using the cameras to collect age and gender demographics, and that none of the images were being stored. It is understandable that even without the images, information about customer gender and age can be extremely valuable to advertisers and store owners. Of course collecting data about the age and gender of your customers is not particularly invasive, especially if stored in a database and without the associated images. But it does raise concerns about how else the images could be used.
The European Union has taken a step to try and control the way this data is being used through the implementation of the GDPR or General Data Protection Regulation. It is progress in the right direction, though vague and difficult to enforce other than through punishment when a breach occurs. The GDPR outlines how the data of an identifiable individual is to be collected and used and while the EU is ahead of many others they are years behind considering the age of the internet and data storage.
For innovators in the security industry, the GDPR offers a guideline of what future regulation may look like around the world. As governments slowly catch on and begin to find ways to regulate and police this data, startups and even larger companies built around data collection could face significant difficulties. With artificial intelligence advancing at unprecedented rates, there are thousands of companies building their businesses around services like facial recognition and other demographic data. While these businesses enjoy rapid growth today and unlimited possibilities, it is difficult to imagine that the collection of such data will go unregulated forever. Of course once government agencies do catch-up to data privacy for artificial intelligence, many of today’s most innovative AI businesses may suddenly find themselves struggling to survive.
Colin Bodbyl is the chief technology officer for UCIT Online.