Skip to main content
close search
site logo
Dive Brief

Rite Aid settles with FTC after facial recognition debacle

The company can’t restart an AI-based crime-deterrent program until it puts in place safeguards to prevent a flood of false positives that left many customers humiliated.

Published Dec. 20, 2023
Robert Freedman's headshot
Lead Editor
FTC
A Rite Aid store in Brooklyn on August 28, 2023. Spencer Platt / Staff via Getty Images

Dive Brief:

  • Rite Aid, the big drug store company that’s reorganizing under bankruptcy protection, has agreed to terms set by the Federal Trade Commission over a now-ended AI-based facial recognition program that it piloted to reduce crime in select stores.
  • The company agreed not to restart the program for five years and, should it restart it, put safeguards in place to protect customer privacy and limit the number of false positives that marred the program until it was voluntarily shut down in 2020.
  • “We respect the FTC’s inquiry and are aligned with the agency’s mission to protect consumer privacy,” the company said in a statement. “However, we fundamentally disagree with the facial recognition allegations in the agency’s complaint. The allegations relate to a facial recognition technology pilot program the Company deployed in a limited number of stores. Rite Aid stopped using the technology in this small group of stores more than three years ago, before the FTC’s investigation.”

Dive Insight:

The FTC’s enforcement action is part of a broader push the agency announced earlier this year to step up its scrutiny of companies’ use of automated facial recognition and other biometric-based surveillance systems. 

In its complaint against Rite Aid, which owns some 1,900 stores in the United States, the agency accuses the company of failing to put adequate checks on facial recognition software it hired vendors to deploy to create a database of people suspected of shoplifting or engaging in other criminal behavior in its stores.

The system was populated with security camera and other images of people the company called “persons of interest” and sent an alert to employees whenever the algorithm made what it thought was a match between a person in the database and a person entering the store. 

The FTC says it gathered evidence showing the system was rife with inaccuracies, producing thousands of false positives that led to in-store confrontations that left customers feeling humiliated and their reputations harmed. 

In one case, an employee stopped and searched an 11-year-old girl because of a false match, causing the girl’s mother to miss work because of the trauma her daughter experienced. In another case, an employee called the police on a customer because the technology generated an alert, even though the database entry was of a white woman with blonde hair while the customer who was targeted was black.

“Consumers complained to Rite Aid that they had experienced humiliation and feelings of stigmatization as a result of being confronted by Rite Aid’s employees based on false positive facial recognition matches,” the FTC said. 

The pilot was concentrated in market areas dominated by minorities and the technology would make what the FTC considered obvious mistakes. For example, it wasn’t unusual for the system to send out an alert in stores in one or several cities at once even though the person of interest was based in another city. 

The FTC says the company kept poor records on the system’s accuracy, hindering the software’s ability to learn from its mistakes, and it failed to train employees adequately on the system’s use. 

“Rite Aid’s training materials … did not address the risks to consumers from using the technology,” the agency says. 

In the settlement, which must be approved by a court, the company agreed to delete all of the data it accumulated in the program and make sure vendors and other third parties that have access to the data also delete it.

Should it restart the program, Rite Aid has to have a plan in place for protecting people’s data, improving the program’s accuracy through regular testing and employee training, among other things, and monitor if the system is disproportionately impacting people by race or gender. 

The order also includes provisions relating to another order the company has been subject to since 2010 which concerns its failures meeting earlier data protection requirements. 

“Today’s groundbreaking order makes clear that the Commission will be vigilant in protecting the public from unfair biometric surveillance and unfair data security practices,” Samuel Levine, director of the FTC’s consumer protection bureau, said in a statement

In a separate statement, FTC Commissioner Alvaro Bedoya said the bias in the system against minorities is part of a broader problem with AI algorithms and he called on lawmakers to step in with legislation while the technology is new. 

“Many technologies should never be deployed in the first place,” he said. “I urge legislators who want to see greater protections against biometric surveillance to write those protections into legislation and enact them into law.”  

Recommended Reading

Editors' picks

Company Announcements

View all | Post a press release

Want to share a company announcement with your peers?

Share your announcement

Editors' picks
Latest in Compliance
Industry Dive is an Informa TechTarget business.
© 2024 TechTarget, Inc. or its subsidiaries. All rights reserved. | View our other publications | Privacy policy | Terms of use | Take down policy.
Cookie Preferences / Do Not Sell
This website is owned and operated by Informa TechTarget, part of a global network that informs, influences and connects the world's technology buyers and sellers. All copyright resides with them. Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. TechTarget, Inc.'s registered office is 275 Grove St. Newton, MA 02466.