Allegations that Rogers retail stores were using customer facial recognition through security cameras surfaced on social media in December. Rogers says it does not use the technology in its storefronts, and the door inspection policy at some locations is intended to ensure the safety of staff and customers. Stores must comply with privacy laws that require the responsible collection, storage and use of personal information, including video recordings.
CLAIM
“I went to ROGERS in Nepean, Ontario. The door was locked. There was a sign on the door. A man comes in and says, 'Look up. I look up and the door opens. FACE RECOGNITION to get into Roger's… How legal is this?” reads the caption of a Dec. 14 Facebook video shared by more than a thousand people.
In the video, a woman films a Rogers Communications retail store and claims that the company uses facial recognition at the location as a security measure.
The camera shows a notice on a store window, part of which reads: “Attention: To enter, ring the intercom and look into the camera. For security reasons, we may refuse entry to anyone.” The same ad is in the nearby Fido store (Fido is a subsidiary of Rogers).
FACTS
Facial recognition is a biometric technology used to verify identity by collecting unique facial characteristics of a person and comparing them with a database of other individuals.
Rogers said storefront cameras do not use this technology.
“The use of security cameras is intended to ensure the safety of team members and customers in our stores. As part of this, we use enhanced door screening that records video of people as they enter. This footage is stored for a limited period of time,” the spokesperson said in an email.
Businesses must follow certain rules when it comes to collecting, storing and using surveillance video and biometric information.
Canada's federal private sector privacy law, known as the Personal Information Protection and Electronic Documents Act (or PIPEDA), requires an organization to obtain consent to use and disclose someone's personal information.
An organization must make “reasonable” and “meaningful” efforts to obtain consent, and do so in a way that makes it clear to anyone how their information will be used.
When it comes to video surveillance, most privacy laws require companies to post a notice about the use of cameras before customers enter a store, so they have the option of not entering.
While there is not necessarily a time limit on how long an organization can store personal information, at some point it must find a way to securely destroy or erase it.
The Office of the Privacy Commissioner of Canada, which is responsible for overseeing federal privacy laws, said it has not received complaints or investigated claims about facial recognition at Rogers retail stores.
If Rogers intended to use this technology in its stores, it would have to publish a separate notice asking for consent.
“Obtaining consent to collect photographs or videos of an individual does not allow a business entity to automatically extract biometric information from such sources. Rather, they must separately and clearly indicate that biometric information will be collected, used, or disclosed,” an agency spokesperson said in an email.
Rogers' privacy policy notes that the company collects biometric data from customers through typing or mouse movements on its digital platforms; voice biometrics for those who have taken part in the company's voice ID verification program; and “any other biometric information we may collect with your consent.”
The policy states that Rogers retail stores collect “your images through video recordings in and around our locations to ensure the safety of our customers, employees and others and protect against illegal activities such as theft, vandalism and fraud.”
The company's policy of screening customers at some retail locations by making them look at a camera or show identification has been in place since at least 2022.
WHAT CAN COMPANIES DO WITH YOUR RECORDS?
Under federal privacy law, organizations can only use someone's personal information for the purposes specified at the time of collection. Information must be stored securely and destroyed when it is no longer needed.
People have the right to request their personal information and learn how it is used.
However, there are situations where an organization may disclose someone's personal information without their knowledge or consent.
This includes cases where a government agency or law enforcement agency requests information for purposes related to an investigation, national security, or international affairs.
If a court issues a subpoena or warrant, the organization may disclose personal information, including video recordings, as permitted by law.
SOME COMPANIES VIOLATED PRIVACY LAWS BY USING FACIAL RECOGNITION
There have been cases where companies have used surveillance cameras to collect customers' personal information without their consent.
A 2020 investigation by the privacy commissioners of Canada, Alberta and British Columbia found that real estate company Cadillac Fairview used facial recognition without consent at 12 shopping centers across the country.
The company has built cameras into kiosks to analyze the age and gender of customers.
Cadillac Fairview said it sought consumer consent by placing stickers on mall doors citing its privacy policy, but an investigation found that was not enough to obtain consent for the five million images the company collected.
In 2023, British Columbia's privacy commissioner found that some Canadian Tire stores in the province were using facial recognition technology without customer consent.
The investigation determined that the stores' stated purpose of collecting images for security and loss prevention purposes was not a reasonable justification.
This report by The Canadian Press was first published Dec. 31, 2025.
