Fact File: Claim Rogers collects biometric data from store cameras unfounded
By Canadian Press on December 31, 2025.
The claim Rogers retail stores used facial recognition on customers through its surveillance cameras appeared on social media in December. Rogers says it does not use the technology at its storefronts and its door screening policy at some locations is meant to ensure staff and customer safety. Stores must follow privacy laws that dictate the responsible collection, storage and use of personal information, including video recordings.
THE CLAIM
“I went to ROGERS in Nepean Ontario. The door was locked. There was a sign on the door. A person comes on says look up. I look up and door opens. FACIAL RECOGNITION to get into Roger’s … How is this legal?” reads the caption of a Dec. 14 Facebook video with more than one thousand shares.
In the video, a woman films a Rogers Communications retail store and claims the company uses facial recognition at the location as a security measure.
The camera pans to a notice posted on the store window, part of which reads, “Attention: For entry please ring intercom and look up at camera. As a safety measure we may refuse entry to any person.” There is an identical notice on the adjoining Fido store (Fido is a subsidiary of Rogers).
THE FACTS
Facial recognition is a biometric technology used to verify identities by capturing the unique characteristics of a person’s face and comparing it against a database of other faces.
Rogers said its storefront cameras do not use the technology.
“The use of security cameras is designed to support the safety of team members and customers in our stores. As part of this, we use an enhanced door screening that records video of individuals as they enter. This footage is stored for a limited period of time,” a spokesperson said via email.
Businesses must follow certain rules when it comes to the collection, storage and use of surveillance video and biometric information.
Canada’s federal private-sector privacy law, known as the Personal Information Protection and Electronic Documents Act (or PIPEDA), requires an organization gain consent for the use and disclosure of someone’s personal information.
The organization must make a “reasonable” and “meaningful” effort to gain consent and do so in a way that makes it clear to someone how their information would be used.
For video surveillance, most privacy laws require businesses post a notice about their use of cameras before customers enter the store so they have the option of not entering.
While there isn’t necessarily a set time limit on how long an organization can store personal information, they must find a way to securely destroy or erase it at some point.
The Office of the Privacy Commissioner of Canada, which is responsible for overseeing compliance of federal privacy laws, said it hasn’t received complaints or investigated claims about facial recognition at Rogers retail stores.
If Rogers intended to use the technology at its stores, it would have to post a separate notice asking for consent.
“Obtaining consent to collect photos or videos of an individual does not automatically allow a commercial organization to extract biometric information from such sources. Rather, they must specify separately and explicitly that biometric information will be collected, used, or disclosed,” an office spokesperson said via email.
Rogers’ privacy policy notes it collects biometrics from customers through typing patterns or mouse movements on its digital platforms; voice biometrics for those opted into the company’s voice ID verification program; and “any other biometrics information we may collect with your consent.”
The policy says Rogers retail stores collect “images of you through video recordings in and around our locations in order to maintain the safety of our clients, employees and others, protect against illegal activity, such as theft, vandalism and fraud.”
The company’s policy of screening customers at some retail locations by having them look into a camera or show a piece of identification has been in place since at least 2022.
WHAT CAN COMPANIES DO WITH RECORDINGS OF YOU?
Under federal privacy law, organizations can only use someone’s personal information for the purpose specified at the time of collection. The information must be securely stored and destroyed when it is no longer needed.
People have the right to request their personal information and find out how it’s being used.
However, there are situations where an organization could disclose someone’s personal information without their knowledge or consent.
That includes if a government institution or law enforcement agency requests the information for purposes related to an investigation, national security or international affairs.
If a court issues a subpoena or warrant, the organization can disclose personal information — including video recordings — to comply with the law.
SOME COMPANIES BROKE PRIVACY LAWS WITH FACIAL RECOGNITION USE
There have been instances of companies using surveillance cameras to collect the personal information of customers without their consent.
A 2020 investigation by privacy commissioners for Canada, Alberta and British Columbia found the real estate company Cadillac Fairview used facial recognition without consent at 12 shopping malls across the country.
The company embedded cameras inside kiosks with the intent of analyzing the age and gender of shoppers.
Cadillac Fairview claimed it asked for shoppers’ consent by posting decals on mall doors that referred to their privacy policy — but the investigation found that wasn’t enough to gain consent for the five million images the company collected.
In 2023, B.C.’s privacy commissioner found that some Canadian Tire stores in the province used facial recognition technology without customers’ consent.
The investigation ruled the stores’ stated purpose of collecting the images for safety and loss prevention wasn’t a reasonable justification.
This report by The Canadian Press was first published Dec. 31, 2025.
Marissa Birnie, The Canadian Press
38-37
