CF Lime Ridge Mall took 259,899 images of shoppers without consent: privacy watchdogs

Lime Ridge Mall in Hamilton captured 259,899 images of shoppers without their knowledge or consent, as revealed in a country-wide investigation of Cadillac Fairview malls by the federal, Alberta and B.C. privacy commissioners.

Local privacy expert says companies could eventually profit from our biometric data

Images of shoppers were taken via cameras embedded in the digital directories at the entrances to the mall. (GoogleMaps)

Lime Ridge Mall in Hamilton captured 259,899 images of shoppers without their knowledge or consent, as revealed in a country-wide investigation of Cadillac Fairview malls by the federal, Alberta and B.C. privacy commissioners.

Cadillac Fairview is the real estate company behind some of Canada's most popular shopping centres, including Toronto's Eaton Centre and the mall on Upper Wentworth Street in Hamilton.

The mall used "anonymous video analytics" (AVA), the report says, to take temporary images of the faces of individuals within the field of view of cameras in digital information kiosks. Those images were used to guess a person's age, gender and how the person moved around the mall. 

Daniel Therrien, the country's privacy commissioner, said the lack of meaningful consent was "particularly concerning" given the data it collected was people's faces and biometrics — data that's unique to each individual.

"Shoppers had no reason to expect their image was being collected by an inconspicuous camera," he said in a statement, "or that it would be used, with facial recognition technology, for analysis."

How did Lime Ridge Mall collect your data?

The report says Cadillac Fairview embedded small, inconspicuous cameras inside digital kiosks and directories to capture the images. When shoppers were in the camera's field of view, it would snap a picture and use facial recognition technology to guess a customer's age, gender and movements.

Each image was converted into a unique code, the report says. Cadillac Fairview collected five million images in 12 locations across Canada. That data, according to the report, could be used to identify people based on their faces. Cadillac Fairview denied ever identifying people.

This directory in Chinook Centre mall in south Calgary uses facial recognition technology. Directories in Lime Ridge Mall used the same technology. (Sarah Rieger/CBC)

The company said it was a pilot project that stopped in July 2018 after concerns raised in a CBC investigation. It also emphasized the technology wasn't capable of identifying people and that each image isn't necessarily a different shopper, which means one person could account for multiple images.

Cadillac Fairview also said photos would only be analyzed for milliseconds before being deleted, but the commissioners said they found the five million images stored on a third party's decommissioned server, "for no apparent purpose and with no justification."

"Cadillac Fairview stated that it was unaware that the database of biometric information existed, which compounded the risk of potential use by unauthorized parties or, in the case of a data breach, by malicious actors," read the report.

But even the number of images taken at Lime Ridge is alarming to Karen Louise Smith, an assistant professor at Brock University who has extensively researched online privacy and the risks around biometric data.

"Two-hundred sixty thousand images collected locally [is] a massive amount of people sorted and categorized for unknown reasons," she said in an interview Thursday.

The decal found on the entrance doors of the CF Toronto Eaton Centre. (Office of the Privacy Commissioner report)

Regarding consent, Cadillac Fairview said it informed shoppers of the surveillance through decals at entrances that warned cameras were being used for "safety and security." The decals also included the web address for the company's privacy policy.

"Cameras in kiosks are relatively new, and while someone might expect security cameras in a mall, I don't think they necessarily expect there's going to be hidden cameras embedded into devices they're interacting with," Smith said.

The commissioners said neither option was good enough and did not meet the standard for meaningful consent. The report said the privacy policy's language was "overly broad, and buried in the middle of a 5,000-word document, which would not be easily accessible to individuals while they are engaging with a mall directory."

Smith listed better alternatives the company could have used for consent.

"A pop-up with a 'Do you agree?' button is one option," she said. "A lot of us are also familiar with a green light turning on when recording is happening. There could be an icon that pops up of a camera that gives you an indication a picture is being taken."

Data deleted but experts still have concerns

In a statement on Thursday afternoon, Cadillac Fairview said it deleted the data and deactivated the cameras.

"We take the concerns of our visitors seriously and wanted to ensure they were acknowledged and addressed," read the email.

But the commissioners are still concerned about the company's plans moving forward. They wrote that Cadillac Fairview refused their request to improve how it gets consent from customers if it redeploys the technology.

The company said it accepted and implemented all the recommendations "with the exception of those that speculate about hypothetical future uses of similar technology."

Similar technology could be used for targeted ads

Smith said the report reminded her of dystopian, science-fiction scenes from the Netflix show Black Mirror, or the 2002 film Minority Report.

"There's a really popular scene in the movie where Tom Cruise walks into a mall and is basically bombarded with personalized ads as his biometrics are scanned," she said.

"This kind of technology at a kiosk could be used in the future to target ads at people based on their age and gender, and I really think that's what at stake here — whether we want our biometrics to be used by companies to generate profit ... and whether facial images are treated as personal information."

Experts say facial recognition software, similar the systems used by Cadillac Fairview, could be used to display targeted ads in the future.

She thinks the report will relax the rollout of these kinds of technologies, but says they still may come sooner than we expect.

"The idea of making these kinds of cameras and a broader array of sensors ubiquitous within our built environment, it's very much on the horizon at the moment. Where we choose to draw the line, I think, is very important."


Bobby Hristova


Bobby Hristova is a reporter/editor with CBC Hamilton. Email: bobby.hristova@cbc.ca

With files from Catharine Tunney and Thomas Daigle


To encourage thoughtful and respectful conversations, first and last names will appear with each submission to CBC/Radio-Canada's online communities (except in children and youth-oriented communities). Pseudonyms will no longer be permitted.

By submitting a comment, you accept that CBC has the right to reproduce and publish that comment in whole or in part, in any manner CBC chooses. Please note that CBC does not endorse the opinions expressed in comments. Comments on this story are moderated according to our Submission Guidelines. Comments are welcome while open. We reserve the right to close comments at any time.

Become a CBC Member

Join the conversationCreate account

Already have an account?