The sight of a notice on a retail storefront instructing you to look directly into a camera before being granted entry can easily spark concerns in an age of ever-advancing surveillance technology. This very scenario at Rogers and Fido locations has fueled widespread speculation that the telecommunications giant is employing facial recognition to screen its customers, capturing and analyzing biometric data with every buzz of the intercom. However, a comprehensive analysis of the company’s official statements, its published privacy policies, and the stringent legal framework governing data collection in Canada reveals a different story. The investigation methodically dismantles this claim, demonstrating that while the cameras are indeed recording for security, the system stops short of the biometric analysis that defines facial recognition. This distinction is critical, separating standard, legally permissible security measures from a far more invasive form of data collection that is heavily regulated and requires explicit, unambiguous consent from the public.
The Company’s Stance and System
Clarifying Camera Use vs Biometric Analysis
A fundamental distinction must be made between video recording and biometric analysis, and Rogers Communications has been explicit in its position on the matter. Facial recognition technology is not merely a camera; it is a sophisticated process that creates a unique digital map of an individual’s facial characteristics—a “faceprint”—and compares it against a database to verify identity. The company has unequivocally denied using this type of technology in its retail stores. According to a company spokesperson, the system in place is an “enhanced door screening that records video of individuals as they enter,” with the stated purpose being to “support the safety of team members and customers in our stores.” This practice of screening individuals at the door, which has been operational since at least 2022, involves capturing video footage that is stored for only a limited period. Crucially, the company asserts that this data is not subjected to any form of biometric processing, analysis, or comparison, positioning the system as a modern security measure akin to a digital peephole rather than an identity verification tool.
Further examination of the company’s official privacy policy corroborates the spokesperson’s statements and adds important nuance to its data collection practices. The policy openly acknowledges the collection of certain forms of biometric data, but in contexts far removed from in-store cameras. For instance, it cites the analysis of typing patterns and mouse movements on its digital platforms to prevent fraud, as well as the use of voice biometrics for customers who have voluntarily enrolled in the company’s voice ID verification program for call centers. When addressing in-store video recordings, the policy’s language is specific and aligns perfectly with standard security protocols. It states that this footage is collected to “maintain the safety of our clients, employees and others, protect against illegal activity, such as theft, vandalism and fraud.” This purpose is consistent with conventional loss prevention and safety measures, reinforcing the conclusion that the cameras serve a traditional surveillance function rather than a biometric one. The transparency about other biometric uses elsewhere in the business makes its omission regarding store cameras all the more significant.
Canada’s Privacy Law PIPEDA
The collection and use of personal information by private sector organizations in Canada are primarily governed by the Personal Information Protection and Electronic Documents Act (PIPEDA). A central pillar of this federal law is the requirement for organizations to obtain meaningful and reasonable consent before collecting, using, or disclosing an individual’s personal data. For general video surveillance in areas accessible to the public, the threshold for consent is typically met by posting clear and visible notices at the entrance of the premises. These signs effectively inform individuals that they will be recorded upon entry. This allows for a form of implied consent; by choosing to enter the establishment after seeing the notice, a person tacitly agrees to be filmed for the stated purpose. The notices posted on Rogers and Fido store windows, which instruct customers on the entry procedure and state that entry may be refused as a safety measure, align with this established legal standard for conventional video recording. They fulfill the basic obligation of transparency required under PIPEDA for non-invasive security surveillance.
Once video footage is lawfully collected, PIPEDA imposes strict rules on how that information can be managed, ensuring it is not misused. The principle of “purpose limitation” is paramount, meaning the data can only be used for the specific, identified purpose for which it was collected—in this case, store security and safety. It cannot be repurposed for marketing, customer tracking, or other analyses without obtaining new consent. Furthermore, the law mandates that the information must be stored securely to prevent unauthorized access and must be destroyed once it is no longer required to fulfill its original purpose. While individuals generally have the right to access their personal information held by an organization, there are specific legal circumstances where that information can be disclosed without their consent. These exceptions are narrowly defined and include situations involving a warrant, a subpoena, or a formal request from a government or law enforcement agency conducting an investigation or addressing matters of national security. These regulations create a tight container around the use of even standard video footage.
The Regulatory Landscape and Legal Precedents
The Higher Bar for Facial Recognition
While general video surveillance is common, the legal standard for collecting biometric information like a facial scan is drastically higher under Canadian privacy law. The Office of the Privacy Commissioner of Canada (OPC), the federal body responsible for enforcing PIPEDA, has made it clear that the consent obtained for a simple video recording does not extend to the extraction and analysis of biometric data from that footage. An OPC spokesperson clarified that for a company to lawfully use facial recognition, it “must specify separately and explicitly that biometric information will be collected, used, or disclosed.” This would require a distinct and unambiguous notice that goes far beyond a simple “you are being recorded” sign. An organization would need to clearly inform individuals that their unique facial features are being mapped, stored, and compared, and it would need to obtain explicit consent for this specific, highly invasive activity. Rogers’ current notices do not meet this elevated requirement, which is a key piece of evidence indicating that its systems are not engaged in biometric scanning.
The stringent requirements for collecting biometric data are directly reinforced by the actions—or in this case, the inaction—of the federal privacy watchdog. The Office of the Privacy Commissioner of Canada confirmed that it has not received any complaints from the public regarding the use of facial recognition technology at Rogers retail locations. Consequently, the OPC has not opened any formal investigations into the company for such practices. In a regulatory environment where consumer complaints often trigger compliance reviews and formal inquiries, this absence is significant. It suggests that from the perspective of the country’s primary privacy authority, there has been no discernible evidence or public outcry to warrant scrutiny of Rogers’ in-store security systems. This lack of regulatory engagement provides strong corroboration for the company’s public denials and supports the conclusion that its camera-based screening operates within the established legal boundaries for standard video surveillance, not the much stricter ones reserved for biometrics.
Past Violations Underscore Strict Rules
The gravity of misusing facial recognition technology is best understood through precedent-setting cases where Canadian companies were found to have violated privacy laws. A landmark investigation in 2020 found that real estate giant Cadillac Fairview had embedded facial recognition technology within digital information kiosks across 12 of its shopping malls. The system surreptitiously collected over five million images of shoppers, using the biometric data for demographic analysis, such as estimating age and gender, all without customers’ knowledge or consent. The company argued that decals on its doors referring to its general privacy policy were sufficient to obtain consent. However, federal, provincial, and territorial privacy commissioners jointly rejected this argument, ruling that such a passive and vague notice was wholly inadequate for such an invasive technology. This case established a clear precedent that companies cannot bury consent for biometric collection in fine print and must be proactively transparent about its use.
More recently, a 2023 ruling by British Columbia’s privacy commissioner further solidified these strict standards. The investigation found that several Canadian Tire stores in the province had used facial recognition technology without obtaining proper customer consent. The company had justified its use of the technology on the grounds of enhancing “safety and loss prevention.” The commissioner, however, ruled that this purpose was not a reasonable justification for deploying such an privacy-intrusive form of data collection on the general public. This decision was pivotal because it demonstrated that even with a seemingly legitimate business reason, the use of facial recognition on customers is likely to be deemed disproportionate to the stated goal. These cases collectively illustrate the high legal and ethical bar set by regulators, showcasing an active enforcement environment that makes it exceedingly difficult for a company to covertly or improperly deploy facial recognition technology without facing significant legal consequences.
A Conclusive Assessment on Surveillance Practices
The investigation into the claims against Rogers Communications provided a clear verdict. The convergence of the company’s direct denials, the specific language within its privacy policy, and the stringent requirements of Canadian privacy law all pointed to the conclusion that facial recognition technology was not in use. The legal precedents set by cases involving other major Canadian retailers had already established a regulatory landscape where such invasive surveillance could not be deployed without explicit and specific consent, which was absent at the stores in question. The lack of any complaints or investigations from the federal privacy commissioner further solidified this assessment. Ultimately, the speculation appeared to stem from a misunderstanding of the technology and the legal distinctions between standard video security and advanced biometric analysis, a distinction that this examination brought into sharp focus.
