McDonald’s drive-thru AI bot may have broken privacy law

Ryan Daws is a senior editor at TechForge Media with over a decade of experience in crafting compelling narratives and making complex topics accessible. His articles and interviews with industry leaders have earned him recognition as a key influencer by organisations like Onalytica. Under his leadership, publications have been praised by analyst firms such as Forrester for their excellence and performance. Connect with him on X (@gadget_ry) or Mastodon (

McDonald’s announced earlier this month that it was deploying an AI chatbot to handle its drive-thru orders, but it turns out it might break privacy law.

The chatbot is the product of a voice recognition company McDonald’s snapped up in 2019 called Apprente which is now known as McD Tech Labs.

McDonald’s deployed the chatbots to ten of its restaurants in Chicago, Illinois. And there lies the issue.

The state of Illinois has some of the strictest data privacy laws in the country. For example, the state’s Biometric Information Privacy Act (BIPA) states: “No private entity may collect, capture, purchase, receive through trade, or otherwise obtain a person’s or a customer’s biometric identifier or biometric information.”

One resident, Shannon Carpenter, has sued McDonald’s on behalf of himself and other Illinois residents—claiming the fast food biz has broken BIPA by not receiving explicit written consent from its customers to process their voice data.

“Plaintiff, like the other class members, to this day does not know the whereabouts of his voiceprint biometrics which defendant obtained,” the lawsuit states.

The software is said to not only transcribe speech into text but also process it to predict personal information about the customers such as their “age, gender, accent, nationality, and national origin.”

Furthermore, the lawsuit alleges that McDonald’s has been testing AI software at its drive-thrus since last year.

Anyone found to have had their rights under BIPA violated are eligible for up to $5000 each per case. Given the huge number of McDonald’s customers, it’s estimated that damage payouts could exceed $5 million.

Once again, this case shows the need to be certain that any AI deployments are 100 percent compliant with increasingly strict data laws in every state and country they operate.

(Image Credit: Erik Mclean on Unsplash)

Find out more about Digital Transformation Week North America, taking place on November 9-10 2021, a virtual event and conference exploring advanced DTX strategies for a ‘digital everything’ world.

Tags: , , , , , , , , , , , , , , , , , ,

View Comments
Leave a comment

Leave a Reply