Students at the University of Waterloo were shocked to discover their campus M&M vending machines were secretly scanning their faces. An error message tipped off a student, revealing facial recognition software running on the machines without consent.
The exposé sparked outrage as students felt spied on by the candy dispensers. An investigation by the campus paper revealed the machines could analyze age and gender, contrary to privacy laws.
The university moved quickly to disable the covert features and remove the machines. But trust was shaken. Some students resorted to covering the camera sensors with gum and notes in protest.
The vending machine maker Invenda boasted demographics sensing in sales material. But when caught, it claimed the camera was just a motion detector to activate the screen. This rang hollow next to its website describing age and gender analysis.
Invenda leaned on being GDPR compliant, but students doubted European standards translated to Canada. The company admitted to processing images locally, despite denying permanent storage.
Mars, which helped bring Invenda machines to North America, now faces blowback too. The situation echoed past privacy controversies like a mall using facial recognition on shoppers.
While Invenda and the university downplayed privacy impacts, students felt violated. They saw overreach in turning a seemingly innocuous snack dispenser into a surveillance device.
The reaction reflects growing wariness of facial recognition creeping into daily life without consent. People accept some loss of privacy for conveniences like smart home devices. But they bristle at secretive and invasive data collection by companies.
The university is removing the machines to rebuild student trust. But the incident may make schools and vendors think twice before unleashing intrusive technologies on campus. Respecting student privacy should come before corporate partnerships and flashy innovations.
