CaraComp
CaraComp
Forensic-Grade AI Face Recognition for:
Get Started7-day refund guarantee**
facial-recognition

Your Face Is Being Scanned at the Grocery Store — and a Tiny Sign Is All They Owe You

Your Face Is Being Scanned at the Grocery Store — and a Tiny Sign Is All They Owe You

Picture this: You walk into a grocery store, grab a cart, head for the produce section. Somewhere above the door, a camera captures your face, runs it against a database of people flagged for shoplifting, and either clears you silently or sends an alert to a loss-prevention officer — all before you've touched a single apple. You never see a sign. You never agreed to anything. You have no idea this happened.

That's not a future scenario. It's a present-day practice. And in April 2026, a Québec privacy authority called the CAI — the Commission d'accès à l'information (that's the provincial watchdog in charge of protecting Quebecers' personal information) — issued a ruling that exposed just how complicated the question of consent really is when a store wants to scan your face.

TL;DR

Québec's privacy watchdog conditionally approved a grocery chain's facial recognition pilot — but the consent question is still unresolved, and the gap between "we posted a sign" and "we actually asked you" is exactly where shoppers' rights live or die.

The Ruling That Said "Yes, But…"

The case centered on Metro Inc., a large Canadian grocery chain. Metro had been running a facial recognition pilot across ten stores, matching camera footage against a database of people previously caught shoplifting. The goal: reduce theft losses. The problem: this is biometric data — your face, captured and converted into a unique digital template, the same way a fingerprint gets stored — and under Québec's privacy law, collecting that kind of data requires serious justification.

Here's the twist. The CAI's February 2025 ruling had actually blocked Metro's program on consent grounds. That ruling is still under appeal. The April 2026 follow-up ruling said Metro could potentially continue — if the earlier consent prohibition gets overturned on appeal. So the "yes" is conditional. It's a legal holding pattern, not a green light. The store can argue its case while the legal fight plays out, but it cannot simply ignore the underlying question of whether shoppers ever agreed to this in the first place.

What makes this ruling worth paying attention to — even if you don't live in Québec — is what the CAI required Metro to show before it even considered approving the program. This article is part of a series — start with Face Match Not Proof Biometric Assurance Deepfakes.

10
The number of stores Metro was permitted to run its facial recognition pilot in — capped there specifically to limit the scale of data collection
Source: CAI ruling, as reported by Ogletree Deakins

The "Prove You Needed It" Standard

The CAI didn't just ask Metro whether the technology worked. It asked something harder: Did you actually need to use face scanning specifically? Under Québec's privacy framework, collecting sensitive personal data — and yes, a digital map of your face absolutely counts — has to pass what's called a necessity test. The CAI required that the objectives be real and legitimate, that the data collection be proportionate to the problem, and that there be no less invasive option that would work just as well.

Metro had to show it had already tried other approaches. It had to commit to not keeping facial templates when no match was found — meaning if the system scanned your face and you weren't in the database, your data would be deleted, not stored "just in case." It agreed to cap retention of any flagged data at 18 months. And critically, the pilot stayed limited to ten stores, not a chain-wide rollout.

The CAI also flagged something retailers almost never talk about publicly: accuracy risks, demographic bias, and false positives. In plain terms: these systems make mistakes, and they make more mistakes on certain groups of people — particularly people of color. Being wrongly flagged as a shoplifter in a grocery store is not an abstract harm. It's embarrassing, potentially humiliating, and in some cases has led to wrongful detentions.

"The important question is no longer just whether face-based technology works. It is whether regular people get clear notice, real choice, and limits on what happens to their face data after they walk through the door." Ogletree Deakins, analyzing the CAI's April 2026 ruling

Trusted by Investigators Worldwide
Run Forensic-Grade Comparisons in Seconds
Court-ready facial comparison reports. Results in seconds.
Get Started
7-day refund guarantee**
🎆 July 4th Sale: 50% OFF your first month — use code JULY426 at checkout · ends July 11

Why "We Put Up a Sign" Isn't Enough Anymore

Here's where it gets interesting for shoppers across North America, not just in Québec.

The American patchwork on this is a mess — and that's being generous. According to Recording Law, only three U.S. states — Illinois, Texas, and Washington — have laws that specifically protect biometric data (your face scan, fingerprint, voiceprint — the body-based stuff that's uniquely yours). About 20 more states treat it as "sensitive" under broader privacy laws. The rest of the country? Mostly covered only if there's a data breach. Meaning: a retailer in most U.S. states can scan your face without asking, post a small sign near the entrance as a legal fig leaf, and call it a day.

Illinois is the notable exception. Its Biometric Information Privacy Act — known as BIPA — requires written consent before any company collects your biometric data, and it allows individuals to sue directly if their rights are violated. The lawsuits have been significant. WSHB Law notes that the regulatory pressure has shifted away from whether a company posted a notice, toward whether the system was accurate, proportionate, and actually constrained by real deletion rules. The FTC's enforcement action and settlement with Rite Aid — following its use of facial recognition that disproportionately misidentified people of color as shoplifters — made clear that "we had a sign" is not a defense when the underlying system is producing false accusations. Previously in this series: That 99 Face Match Unlocking Your Bank Fraudsters Just Found.

Why This Matters for You

  • It's already in stores near you — Retail facial recognition is not experimental. It's operational in chains across the U.S. and Canada right now, mostly without your knowledge.
  • 📊 A small sign is not the same as asking you — Most current retail deployments rely on entrance notices rather than explicit consent. Québec's ruling challenges whether that's good enough.
  • 🔮 False positives have real consequences — Being wrongly matched to a shoplifting database doesn't just disappear. It affects how store staff interact with you, and in documented cases, it's led to wrongful confrontations.
  • 🛡️ The "delete it after no match" rule is the bar to watch — Metro's agreement not to retain your facial template if you're not flagged is actually a meaningful protection. That standard isn't universal yet.

The One Thing You Can Actually Do Right Now

Look, nobody expects you to audit every store before you walk in. But if you've ever had the nagging feeling that something about a store interaction felt off — that a security guard materialized a little too quickly, or that you were followed through a store despite doing nothing unusual — you're now aware of one possible explanation.

The useful thing you can do: pay attention to entrance signage. Some retailers that use facial recognition are required by state law or company policy to disclose it. In Illinois, that disclosure must be explicit and must come with a consent mechanism. In other states, a small print notice somewhere near the door may be all that's legally required. If you see language about "biometric security systems" or "loss prevention technology" near a store entrance, that's likely what it's referring to.

If you care about this — and it's completely reasonable if you do — you can also check whether a retailer has a publicly posted biometric data policy on its website. CSIS has documented that responsible-use frameworks across jurisdictions increasingly require this kind of transparency. A company that refuses to publish one while claiming it takes privacy seriously is telling you something important.

If you've ever looked at a profile online and wondered whether the person is really who they claim to be — or wondered whether a photo has been altered to mislead you — that same instinct applies here. The question of "is this really the right person?" is exactly what facial recognition systems are trying to answer. The problem is that when they get it wrong, you are the collateral damage, not the algorithm.

Key Takeaway

Québec's ruling didn't settle whether retailers can use facial recognition — it set the bar for what they have to prove before doing so. That bar includes showing the technology was necessary, that alternatives were tried and failed, and that your face data gets deleted when it's not needed. Most retailers in North America aren't meeting that bar yet. Now at least one regulator is asking why not. Up next: That 99 Face Match Unlocking Your Bank Fraudsters Just Found.


The Question Nobody Wants to Answer

The retailers will tell you this is about stopping organized theft rings that cost the industry billions. That's real. Retail shrink — inventory lost to theft — is a genuine and expensive problem, and stores aren't wrong that repeat offenders account for a disproportionate share of it.

But here's the thing the Québec ruling quietly exposed: the moment a store decides that loss prevention justifies scanning every single customer's face, it has made a choice that the overwhelming majority of those customers — the law-abiding ones, which is essentially everyone — never consented to and may never even know about. The math of that trade-off isn't purely a business decision. It's a decision about who the store thinks its customers are before they've done a single thing.

Metro agreed not to keep your facial template if you don't match anyone in their database. That sounds like a reasonable minimum. But think about what it implies: without that rule, a grocery chain could theoretically build a record of every face that walked through its doors — your shopping frequency, your patterns, your presence — without ever telling you. The protection isn't baked into the technology. Someone had to negotiate for it.

So here's the question the CAI left on the table, still unanswered: if a store has to go to that much trouble to minimize the harm of scanning your face, maybe the more honest question is whether the scan should happen at all — and whether the person who should be deciding that is you, not the loss-prevention manager.

If a retailer told you it used facial recognition to prevent fraud, what would actually make you comfortable — a sign at the door, a real opt-in, a strict deletion rule, or none of it at all? Drop your answer in the comments. This one's worth talking about.

Ready for forensic-grade facial comparison?

Full forensic reports with detailed similarity scoring. Results in seconds.

Run My First Search