McDonald's AI Drive-Thru Allegedly Collected Biometric Customer Data without Consent, Violating BIPA

October 15, 2021

Lawsuit claims McDonald's chatbot in its Chicago AI drive-thru collected and processed voice data without user consent, potentially violating Illinois Biometric Information Privacy Act (BIPA). This incident highlights the importance of safe and secure AI practices. For those interested in shaping the future of trustworthy AI governance, join us at HISPI Project Cerebellum TAIM to Measure and Govern such incidents.

JOIN US

Matched TAIM controls

Suggested mapping from embedding similarity (not a formal assessment). Browse all TAIM controls

MEASURE 2.10 — similarity 0.683, rank 1. TAIM detail and related incidents →
MAP 1.6 — similarity 0.661, rank 2. TAIM detail and related incidents →
MAP 4.1 — similarity 0.642, rank 3. TAIM detail and related incidents →

Alleged deployer: mcdonald's
Alleged developer: mcd-tech-labs, apprente
Alleged harmed parties: shannon-carpenter, mcdonald's-customers-residing-in-illinois, mcdonald's-customers

Source

Data from the AI Incident Database (AIID). Cite this incident: https://incidentdatabase.ai/cite/360

Data source

Incident data is from the AI Incident Database (AIID).

When citing the database as a whole, please use:

McGregor, S. (2021) Preventing Repeated Real World AI Failures by Cataloging Incidents: The AI Incident Database. In Proceedings of the Thirty-Third Annual Conference on Innovative Applications of Artificial Intelligence (IAAI-21). Virtual Conference.

Pre-print on arXiv · Database snapshots & citation guide

We use weekly snapshots of the AIID for stable reference. For the official suggested citation of a specific incident, use the “Cite this incident” link on each incident page.