McDonald’s drive-thru AI bot may have broken privacy law

McDonald’s drive-thru AI bot may have broken privacy law
Ryan is a senior editor at TechForge Media with over a decade of experience covering the latest technology and interviewing leading industry figures. He can often be sighted at tech conferences with a strong coffee in one hand and a laptop in the other. If it's geeky, he’s probably into it. Find him on Twitter (@Gadget_Ry) or Mastodon (

McDonald’s announced earlier this month that it was deploying an AI chatbot to handle its drive-thru orders, but it turns out it might break privacy law.

The chatbot is the product of a voice recognition company McDonald’s snapped up in 2019 called Apprente which is now known as McD Tech Labs.

McDonald’s deployed the chatbots to ten of its restaurants in Chicago, Illinois. And there lies the issue.

The state of Illinois has some of the strictest data privacy laws in the country. For example, the state’s Biometric Information Privacy Act (BIPA) states: “No private entity may collect, capture, purchase, receive through trade, or otherwise obtain a person’s or a customer’s biometric identifier or biometric information.”

One resident, Shannon Carpenter, has sued McDonald’s on behalf of himself and other Illinois residents—claiming the fast food biz has broken BIPA by not receiving explicit written consent from its customers to process their voice data.

“Plaintiff, like the other class members, to this day does not know the whereabouts of his voiceprint biometrics which defendant obtained,” the lawsuit states.

The software is said to not only transcribe speech into text but also process it to predict personal information about the customers such as their “age, gender, accent, nationality, and national origin.”

Furthermore, the lawsuit alleges that McDonald’s has been testing AI software at its drive-thrus since last year.

Anyone found to have had their rights under BIPA violated are eligible for up to $5000 each per case. Given the huge number of McDonald’s customers, it’s estimated that damage payouts could exceed $5 million.

Once again, this case shows the need to be certain that any AI deployments are 100 percent compliant with increasingly strict data laws in every state and country they operate.

(Image Credit: Erik Mclean on Unsplash)

Find out more about Digital Transformation Week North America, taking place on November 9-10 2021, a virtual event and conference exploring advanced DTX strategies for a ‘digital everything’ world.

Tags: , , , , , , , , , , , , , , , , , ,

View Comments
Leave a comment

Leave a Reply