University of Waterloo Removes Vending Machines Over Secret Facial Recognition Scandal

Thumbnail Image

The information displayed in the AIM should not be reported as representing the official views of the OECD or of its member countries.

The University of Waterloo removed M&M-branded vending machines after students discovered they secretly used AI-powered facial recognition to collect biometric data without consent. The incident, revealed by a student’s Reddit post, raised significant privacy concerns and led to the university disabling and removing the machines.[AI generated]

Why's our monitor labelling this an incident or hazard?

The vending machines use AI systems for facial recognition and demographic profiling, which are explicitly mentioned. The use of these AI systems without clear user consent or warning constitutes a violation of privacy rights, a form of harm to individuals' rights under applicable law. The harm is indirect but real, as students felt their privacy was invaded and reacted negatively, prompting institutional action. Therefore, this qualifies as an AI Incident due to the realized harm linked to the AI system's use.[AI generated]
AI principles
Privacy & data governanceRespect of human rightsTransparency & explainabilityAccountabilityRobustness & digital security

Industries
Education and trainingConsumer productsFood and beveragesDigital security

Affected stakeholders
Consumers

Harm types
Human or fundamental rightsPsychologicalReputational

Severity
AI incident

Business function:
Marketing and advertisementMonitoring and quality control

AI system task:
Recognition/object detection


Articles about this incident or hazard