Canadian Tire stores used facial ID systems that breached B.C. privacy law
The Office of the Information and Privacy Commissioner for British Columbia concluded on April 20, 2023 that several Canadian Tire associate stores used facial recognition technology to capture images, create biometric templates, and compare visitors against a Persons of Interest database without adequate notice or consent, breaching the Personal Information Protection Act. The investigation covered four stores directly and noted up to 12 stores had used the technology; the systems were removed and the OIPC recommended stronger regulation and improved privacy management. No financial penalties were reported in the public record.
The incident was a governance and policy failure where deployed facial recognition systems collected immutable biometric identifiers without the legally required notice and consent.
Key facts
- What
- The Office of the Information and Privacy Commissioner for British Columbia concluded on April 20, 2023 that several Canadian Tire associate stores used facial recognition technology to capture images, create biometric templates, and compare visitors against a Persons of Interest database without adequate notice or consent, breaching the Personal Information Protection Act.
- Incident date
- Apr 20, 2023
- Who
- Canadian Tire Corporation
- Failure mode
- Policy Violation
- AI surface
- Computer Vision
- Severity
- High
What happened
The Office of the Information and Privacy Commissioner for British Columbia found that several Canadian Tire associate stores used facial recognition technology that captured images and video of people entering stores and created facial biometric templates without adequate notice or consent. The OIPC investigated four stores directly and reported that the systems had been used in up to 12 stores for loss prevention and staff safety, comparing newly generated biometrics to a Persons of Interest database. After notification by the OIPC the stores removed the systems and the report states the collected information was destroyed.
What broke inside the model
- 01 · TriggerA prompt pushes against a deployment boundary.
- 02 · Model stepThe model produces the disallowed output.
- 03 · Control gapNo enforcement blocks it at generation time.
- 04 · FailureThe output crosses the policy line.
- 05 · ConsequenceA limit the business set is breached in public.
The output crosses a policy boundary the deployment had defined.
Deployed facial recognition systems captured images or video at store entrances, generated biometric templates, and stored them in vendor-maintained databases including a Persons of Interest list. The stores did not provide the specific notification or obtain valid consent required under B.C.'s Personal Information Protection Act, and they had not completed required privacy impact assessments or demonstrated a reasonable purpose for large scale biometric collection. The failure was therefore both a technological deployment that processed sensitive biometrics and a governance/policy failure to meet legal notice, consent, retention, and purpose requirements.
What it cost
Sources
- PrimaryInvestigation Report: Canadian Tire Associate Dealers’ use of facial recognition technologyoipc.bc.ca
- PressCanadian Tire stores in B.C. broke privacy laws on facial ID technology, privacy commissioner sayscbc.ca
- PressCanadian Tire stores broke privacy laws on facial ID technology, B.C. privacy commissioner saysctvnews.ca
Cite this entry
https://failureindex.ai/failures/canadian-tire-stores-used-facial-systemsAI Failure Index. "Canadian Tire stores used facial ID systems that breached B.C. privacy law" (FI-0457). Realm Labs. https://failureindex.ai/failures/canadian-tire-stores-used-facial-systems (indexed Jun 10, 2026).Data fields CC-BY 4.0, prose citation permitted. Incident ID FI-0457. Full dataset at /data.
Note from Realm Labs, the Index steward
How Realm fits
- Prism
- OmniGuard
This entry sits in the index's predictive wing: a system that scores, ranks, perceives, or steers rather than generates. Realm's runtime layer is built for the generative and agentic systems now moving into these same decision seats, where it watches a model's internal state and holds an unsupported claim or an unchecked action before it commits. The control gap on this record, an automated decision that reached people with no runtime check in front of it, is the same gap. The index keeps predictive failures on the record because the pattern carries straight into the systems shipping today.