Canadian privacy regulator concludes identity scanning technology in Alberta liquor stores illegal – JURIST – News

The Office of the Information and Privacy Commissioner (OCIP) of Canada published the conclusions of its investigation on Thursday at Alcanna Inc. retail liquor stores in Alberta. The investigation found that Alcanna’s use of identity scanning technology violated the Privacy Act of Alberta (PIPA) by collecting more than a reasonable amount of personal data.

The investigation was opened on January 23, 2020, due to widespread privacy concerns in the media after Alcanna announced the launch of an identity scanning pilot project at three liquor stores in Edmonton. The project would use Patronscan technology operated by Servall Data Systems Inc. The project required individuals to scan the barcode on the back of their driver’s license to enter liquor stores and aimed to combat the growing incidents of robberies, robberies and violence at Alcanna stores.

CIPO noted that while section 69.2 of the Alberta Gambling, Alcohol and Cannabis Act (GLCA) authorized the collection of a person’s name, age and photograph before allowing a person to enter licensed premises, Alcanna was collecting additional information on gender and partial postal codes for a “More precise identification”. In addition, although the system did not retain all the information about the driver’s license barcode, it decodes and processes it first to extract the relevant information.

CIPO has found that the limited period during which it collects such information and the additional collection, use and disclosure of gender and partial postcode information exceeds reasonable extent to achieve the stated purpose of identify those involved in criminal activity.

CIPO also found that while consent to collect name, age, and photograph information is exempt under the GCLA, Alcanna did not obtain the required consent for collection, l ‘use and disclosure of additional gender and postal code information.

Therefore, Alcanna’s project violates Articles 11 (2), 16 (2) and 19 (2) of PIPA. CIPO recommended that the company stop collecting personal information beyond what is permitted under the GLCA.

Information and Privacy Commissioner Jill Clayton said:

“… This survey reminds all businesses that how technology is implemented and what features are used, along with several other important considerations such as context, can have substantial implications for compliance. “