June 14, 2021

Please think about the implications of lawsuits before you file them against big corporations that have our data.

Recently, a guy sued McDonald’s for collecting and then storing facial and biometric data without consent.


In my opinion, this solves nothing as the legal process takes so long, by the time McDonald’s is forced to comply and due to the publicity of the lawsuit, your data could already be in the hands of a malicious third party.

If I tell an attacker hey, this company has millions of voice prints and facial recognition data that just makes them a target everyone is going to try immediately focusing on. Especially if it’s a company that doesn’t usually specialize in protecting that sort of data. A research institute specializing in AIDs, for example is going to protect your info better than if you disclosed that information to your massage therapist. Both because they have different types of focus, and they are legally required to.

While we don’t know the fast food corporations cyber security approaches, if tomorrow I filed a lawsuit claiming “Burger King stores your face and bank information for fast checkout without your permission”, would I be surprised if they were hit by more attacks than usual trying to get at said information that was collected without my permission?

Being constantly careful is the only thing an individual can do unfortunately. While a lawsuit can get your data deleted and maybe a settlement, it also raises the attack surface for the rest of the people from external malicious attacks and the fact they won’t get settlement for their trouble in most cases unless it’s a class action.

So please, think before you file. After all, with how many “we may share information with a third party” clauses that are out there I wouldn’t be surprised if they purposefully stored information on a third party server for cold storage to prove they don’t have your data.

What are some takes and counter arguments to this?



Good for them for standing up up their rights. Corporations can’t just do what they like because they are too big to take on.


Nothing will happen until there’s regulation on it.

There’s a ton of organizations that gather facial recognition data, ones that you wouldn’t even expect. Local organization I was with was looking at getting new security cameras, and ended up looking at this one system that gathers facial data. You can upload a face, or search a face, and it’ll sort through its footage to find it. The idea was that if something bad happened, you could search that face and instantly have every feed for that face within a certain time range.

It wasn’t even that expensive. It was just a camera system. But we technically would store “biometric and facial data” and there’s zero rules when it comes to that.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: By filling this form and submitting your commen, you acknowledge, agree and comply with our terms of service. In addition you acknowledge that you are willingly sharing your email address with AiOWikis and you might receive notification emails from AiOWikis for comment notifications. AiOWiksi guarantees that your email address WILL NOT be used for advertisement or email marketting purposes.

This site uses Akismet to reduce spam. Learn how your comment data is processed.