This article is more than 1 year old

McDonald's AI drive-thru bot accused of breaking biometrics privacy law

Would you like a lawsuit with that?

McDonald’s has been accused of illegally collecting and processing customers' voice recordings without their consent in the US state of Illinois.

Like so many giant corporations, McDonald’s has turned to AI technology to use computers in place of people. In 2019, it announced it had snapped up a voice-recognition company in Silicon Valley, previously known as Apprente and now McD Tech Labs, to build a voice-controlled chatbot for its drive-thrus.

Earlier this month, McDonald’s said ten of its restaurants in Chicago, Illinois, are testing this chatbot, and it may permanently replace human workers. As you'd expect, you yell your order at the system from your car, and it takes care of it. The software apparently has an 85 per cent accuracy rate.

Although the automated service may be convenient for the greasy-grub giant, Shannon Carpenter, a resident of Illinois, claims McDonald’s is breaking the law. The state has some of the strictest data privacy laws; its Biometric Information Privacy Act (BIPA) states: “No private entity may collect, capture, purchase, receive through trade, or otherwise obtain a person's or a customer's biometric identifier or biometric information.” unless it receives written consent.

Carpenter sued [PDF] McDonald’s in April on behalf of himself and all other affected residents of Illinois. He claimed the fast-chow biz has broken BIPA by not obtaining written consent from its customers to collect and process their voice data, nor has it explained in its privacy policy how or if the data is stored or deleted. His lawsuit also stated that McDonald's has been experimenting with AI software taking orders at its drive thrus since last year.

“Plaintiff, like the other class members, to this day does not know the whereabouts of his voiceprint biometrics which defendant obtained,” Carpenter's lawsuit stated. Under the BIPA, people can receive up to $5,000 in damages from private entities for each violation committed “intentionally or recklessly,” or $1,000 if each violation was from negligence instead.

The sueball also claimed the machine-learning software built by McD Tech Labs doesn’t just transcribe speech into text, it processes audio samples to glean all sorts of personal information to predict a customer’s “age, gender, accent, nationality, and national origin.”

Given just how many go to McDonald’s, the lawsuit could get expensive for the corporation. “Plaintiff’s estimate that the proposed class consists of 'thousands of members' renders the purported damages well in excess of the $5,000,000 threshold, even before potential attorneys’ fees,” the paperwork stated.

The Register has asked McDonald’s for comment. ®

More about


Send us news

Other stories you might like