Mercado Libre Fined for Illegal Facial Recognition Requirement in Colombia

Facial recognition is an AI system processing sensitive biometric data. Mercado Libre's conditioning of access on providing biometric data constitutes a violation of data protection laws and users' rights (habeas data). This is a breach of legal obligations protecting fundamental rights. The sanction confirms that harm has materialized. Therefore, this event qualifies as an AI Incident due to violation of human rights through the use of an AI system (facial recognition).

The article explicitly mentions the use of facial recognition, an AI system, to process biometric data as a condition for user account access. This use violated legal protections for sensitive data and users' rights, constituting a breach of fundamental rights under applicable law. The harm is realized as users' rights were infringed, and the company was fined. Therefore, this qualifies as an AI Incident due to the direct harm caused by the AI system's use in biometric data processing violating legal and fundamental rights.

The facial recognition system used by Mercado Libre is an AI system involved in biometric identification. The company's conditioning of account access on biometric data led to a legal sanction for violating data protection laws, which protect fundamental rights. This is a direct harm related to the AI system's use, fulfilling the criteria for an AI Incident under violations of human rights or breach of applicable law. The appeal and company statements do not negate the realized harm but provide context on ongoing legal processes.

The use of facial recognition involves AI systems processing biometric data, which is sensitive personal data. Mercado Libre's conditioning of account access on mandatory facial recognition without alternatives and refusal to delete biometric data constitutes a violation of data protection laws and users' rights (human rights). This is a direct harm to fundamental rights and privacy, fulfilling the criteria for an AI Incident under violations of human rights or breach of legal obligations. The event reports an actual sanction and harm, not just a potential risk or complementary information.

The event explicitly involves an AI system (facial recognition technology) used for authentication, which is an AI system processing sensitive biometric data. The misuse of this AI system's outputs (conditioning access on biometric data without legal basis and failure to delete data) led to a violation of personal data protection rights, a breach of applicable law protecting fundamental rights. Therefore, this constitutes an AI Incident as the AI system's use directly led to a violation of rights and legal obligations. The regulatory sanction confirms the harm has materialized.

The article explicitly mentions the use of facial recognition technology, an AI system, for biometric authentication. The company conditioned access to its platform on providing biometric data, violating data protection laws and users' rights (habeas data). This is a direct harm to fundamental rights and personal data protection, fitting the definition of an AI Incident under violations of human rights and breach of legal obligations. The regulatory sanction confirms the harm has occurred, not just a potential risk. Hence, the event is classified as an AI Incident.

The event involves an AI system (facial recognition) whose use violated data protection laws, constituting a breach of rights. However, the article centers on the regulatory sanction and the company's response, not on a new or ongoing harm caused by the AI system. Therefore, it is best classified as Complementary Information, as it provides context and updates on governance and legal proceedings related to AI use, rather than reporting a new AI Incident or AI Hazard.

The article explicitly mentions the use of facial recognition technology, an AI system, for user authentication. The company conditioned access to accounts on providing biometric data, violating data protection laws and users' rights (habeas data). This misuse of AI led directly to a breach of fundamental rights and legal obligations, causing harm to users' privacy and control over their personal data. The regulatory sanction confirms the harm has materialized. Hence, this is an AI Incident involving violation of rights due to AI system use.

The article describes Mercado Libre's use of facial recognition technology, an AI system processing biometric data, which is sensitive personal information. The company's actions violated data protection regulations by conditioning access on biometric data and refusing to delete it, thus breaching legal rights. This constitutes a violation of human rights and legal obligations under applicable law, fitting the definition of an AI Incident due to the direct harm to users' rights and privacy caused by the AI system's use.

The use of facial recognition technology implies the involvement of an AI system processing biometric data. The incident involves the misuse of this AI system in handling sensitive personal data, violating legal protections and users' rights (habeas data). The harm is a violation of fundamental rights and legal obligations, which fits the definition of an AI Incident under violations of human rights or breach of applicable law protecting fundamental rights. Therefore, this event qualifies as an AI Incident.

The use of facial recognition technology (an AI system) by Mercado Libre to condition account access constitutes use of sensitive biometric data without proper legal basis, violating data protection laws and users' rights. This is a clear violation of human rights and legal obligations related to personal data protection. The sanction by the Colombian authority confirms that harm has occurred due to the AI system's use. Therefore, this event qualifies as an AI Incident due to the realized violation of rights caused by the AI system's use.

The incident involves the use of biometric data, which is sensitive personal data, and the company's failure to comply with legal requirements for processing such data. The use of biometric recognition implies an AI system for facial recognition. The violation of data protection rights and conditioning access on biometric data without explicit consent constitutes a breach of fundamental rights. Therefore, this event qualifies as an AI Incident due to the direct harm to users' rights caused by the AI system's misuse.

The event explicitly involves the use of an AI system (facial recognition) in a way that led to a violation of constitutional rights and legal prohibitions on processing sensitive biometric data. The harm is realized as a breach of rights and legal obligations, meeting the criteria for an AI Incident under the framework. Therefore, this is classified as an AI Incident due to the direct harm caused by the AI system's use in facial recognition without proper legal basis and consent.

Facial recognition is an AI system that processes biometric data to authenticate users. Mercado Libre's requirement of facial recognition data for access constitutes the use of an AI system in a way that infringed on users' rights to data privacy and protection, violating legal frameworks. The sanction and orders from the regulatory authority confirm that harm occurred due to the AI system's use. Therefore, this event qualifies as an AI Incident because the AI system's use directly led to a breach of fundamental rights and legal obligations.

The event involves an AI system component—facial recognition biometric authentication—used improperly by Mercado Libre. The use of AI for biometric recognition is explicit, and the incident involves the development and use of this AI system leading to a violation of fundamental rights and legal protections (a breach of obligations under applicable law). The harm is realized, as users were forced to provide biometric data without proper consent and the company refused to delete data upon request, constituting a violation of rights. Therefore, this qualifies as an AI Incident due to direct harm caused by the AI system's use in authentication and the resulting legal and privacy violations.

The use of facial recognition technology constitutes an AI system processing sensitive biometric data. The company's actions led to a breach of data protection laws and users' rights, causing harm through unlawful data processing practices. The regulatory sanction confirms the harm has materialized. Hence, this is an AI Incident due to violation of rights caused by the AI system's use.