Facial Recognition: 3 Key Insights

Most retail loss prevention leaders are highly familiar with the "watch list" use case for facial recognition in retail. In previous working groups we have heard retailers such as Rite Aid, share how they implemented the technology, as well as academics, lawyers and law enforcement, each providing their perspectives on the use of this technology and the extent that the technology can be compliant with government privacy regulations, such as GDPR.

In our annual update, in January 2024, we heard updates from retailers, law enforcement and academia. Below are three key insights and takeaways from this meeting.

1) Implementation in retail is growing:

In the meeting, there were over ten retailers, mainly from the UK and USA, who had either deployed to all stores, a number of stores or were finalising their pilot programmes.

They reported that the technology was 99% accurate, some noting that their vendors had invested in both machines and human super spotters to ensure that high level of accuracy.

That the alerts were made available to a member of staff within 7-10 seconds of the entry into the store of a bad actor on the watch list.

These alerts, sent to a mobile device, required trained members of staff to either ask the bad actor to leave the store and / or to smother them in positive customer service.

Through the use of this technology, retailers reported a very positive trend in [reduced number of] incidents and shrink, as repeat and prolific offenders are dissuaded from visiting and stealing from stores equipped with facial recognition technology.

For one retailer, it has been the single most effective intervention they have ever introduced.

To be compliant, stores are required to "advertise" the presence of this technology. To date, and in this meeting, none of the retailers reported any significant levels of complaints from the public on the use of this technology nor any evidence of a reduction in sales.


Based on the discussion in the meeting, we expect to see more retailers, especially in USA and UK adopting this technology. However, we are also mindful that retailer momentum on this technology can quickly be curtailed by effective lobbying by privacy groups, as was the case in Australia (click to read the story)

Finally, it was made very clear in our discussions that the likelihood of the adoption of this technology in Europe would be very low due to very strong privacy rules.

2) The outsourcing of the Data Controller / the "Watch List" Data Base is a key enabler

For some of the retailers deploying face recognition, their technology vendor had also become their Data Controller, responsible for who [the bad actor] gets put into the data base, how long they remain on the data base, and the number of stores that will receive notifications when the bad actor enters their store, tiered based on risk level. The process for data collection and handling was described as follows.

First, an incident in a store happens and is observed, this could be the theft of a bottle of wine, a thief grabbing a whole shelf of designer jeans or a member of staff assaulted.

Second, a member of staff, or in some cases, the Security Guard, would document that incident via a digital form, look up and then attach the image of the offender captured on the high res facial recognition camera at the entrance of the store. They would then confirm that this statement was a true version of the incident, and then put their signature to the incident. They would then submit the incident into the system and in turn, the vendor, aka, the data controller

Third, the data controller at the third party would then review the quality of the incident report form, does it describe in an appropriate way what happened and the offence caused. If it needs to be improved, they would contact the store and edit before submitting as an incident in the system.

Fourth, the data controller would then decide proportionality, and set the system up to alert at just that store, stores within 5km, stores within 25km, every store, etc, based on the seriousness of the incident.

Finally, the Data Controller would monitor the response rates to alerts sent, and manage the data / images to ensure that the data base remains compliant, for example, managing retention limits.

There was discussion on how data bases could be populated with data from multiple retailers but there was some nervousness with this approach. Something for the future perhaps.

3) Acceptance of the technology is growing but it is not evenly spread.

For air travellers and retail associates working in distribution centres, facial recognition technology has been a huge help to their lives. Click here to read story on the use of facial recognition in airports.

The same level of positive acceptance cannot be said about the use of facial recognition in retail stores. In some countries, including most of Europe, the use of the technology is now banned, with seemingly no lobbies from retailers or law enforcement to adopt.

In North America and Australia, the use of the technology is in the balance, the recent Rite Aid case and their "ban" on using the technology has probably slowed down the adoption and increased the nervousness of top retail leaders who were considering its use.


Click here for the Rite Aid news story.

Meanwhile in the UK, there is a stronger appetite for facial recognition from law enforcement and government in support of trials and adoption, despite a strong "anti-big brother" lobby.

However, the ongoing concerns around privacy are likely to slow down the deployment of this technology in retail, especially for the larger UK retailers.

The working group will revisit the use of the technology and updated results from those retailers who have deployed store wide on Jan 15th 2025. To register, click on the below invitation.

In the meantime, and for some additional context, please click to view the quick video recap of the key findings from the meeting with Professor Beck.

Facial Recognition Update - 15th January 2025

Please join us at our annual review of face recognition technology


Feb 26, 2024