A sign at the entrance of certain Wegmans stores now informs customers that their biometric information may be collected. The sign states the company “collects, retains, converts, stores or shares customers’ biometric identifier information, which may include facial recognition, eye scans and voiceprints.”
For shoppers at the popular East Coast grocery chain, this is new territory. While many retailers use security cameras, few have deployed facial recognition technology on ordinary customers. Wegmans has joined a small but growing number of businesses crossing that line.
This article examines what Wegmans is doing, how the technology works, and why privacy experts are raising alarms.
What Wegmans Is Collecting
Wegmans began piloting facial recognition technology in its New York City stores in 2024. Initially, the programme was limited to employees as part of a security initiative. It has since expanded to include customers.
According to the company’s statement, cameras equipped with facial recognition identify individuals who have been “previously flagged for misconduct.” The system is deployed in what Wegmans describes as “a small fraction of stores located in communities that exhibit an elevated risk.”
What the Signs Say vs What Wegmans Says
The disclosure signs at store entrances mention facial recognition, eye scans, and voiceprints. However, Wegmans claims it only collects facial recognition data and does not capture retinal scans or voice prints. The company says the broader language on the signs is required by New York City’s biometric privacy law, which mandates disclosure when any covered biometric technology might be used.
Wegmans states that facial recognition data is retained for a “short, defined period” and then securely deleted—unless it matches someone flagged for misconduct. In that case, the data is kept longer. The company says it does not share facial recognition data with third parties.
How Retail Facial Recognition Works
Modern facial recognition systems capture images of faces and convert them into mathematical representations called faceprints. These faceprints are compared against a database of known individuals. When a match occurs, the system alerts store personnel.
For loss prevention purposes, retailers build databases of individuals previously caught shoplifting or engaging in other misconduct. When such a person enters the store, staff receive a notification and can monitor or approach them.
The Accuracy Problem
Facial recognition technology has improved significantly, but it is not perfect. Studies have consistently shown higher error rates for people with darker skin tones and for women. A 2019 US government study found that many facial recognition algorithms were 10 to 100 times more likely to misidentify Black and Asian faces compared to white faces.
False positives—incorrectly identifying someone as a flagged individual—create serious problems. Innocent shoppers may be wrongly accused of theft, followed by security staff, or asked to leave stores. These encounters can be humiliating and, in some cases, escalate into confrontations.
Wegmans says its technology partner adheres to NIST, ISO, and SOC 2 cybersecurity frameworks. However, compliance with technical standards does not eliminate the accuracy issues inherent in facial recognition.
Why Privacy Advocates Are Concerned
The expansion of biometric surveillance into retail environments raises several concerns that go beyond accuracy.
No Meaningful Opt-Out
When a store collects facial recognition data on all customers who enter, opting out means not shopping there. For many people, this is not a practical choice.
This differs from online tracking, where users can install ad blockers or choose alternative services. Physical spaces offer no such workarounds. Either you accept the surveillance or you don’t enter.
Wegmans operates approximately 115 stores across the northeastern United States. In some areas, it may be the most convenient or affordable grocery option.
Data Security Risks
Biometric data presents unique risks if compromised. As privacy advocate Will Owen from the Surveillance Technology Oversight Project noted, “If there is a hack or a breach of that data, you can’t change your face like you would change a password.”
A database of faceprints is a high-value target for hackers. Once stolen, this data can be used for identity fraud, stalking, or creating deepfakes. Unlike passwords or credit card numbers, biometric identifiers are permanent.
Potential for Mission Creep
Today, Wegmans says it uses facial recognition only to identify previously flagged individuals. But once the infrastructure exists, the temptation to expand its use grows. Retailers could begin tracking shopping patterns, identifying VIP customers for special treatment, or sharing data with law enforcement.
Will Owen raised another concern: immigrant customers may worry about their biometric data reaching immigration enforcement agencies. Even if current policies prohibit such sharing, policies can change, and data that exists can eventually be accessed.
Regulatory Response
Wegmans’ biometric collection has drawn attention from lawmakers. Erie County legislator Lindsay Lorigo has introduced legislation requiring businesses to disclose when they use facial recognition. New York State Senator Rachel May sponsored a bill in 2025 that privacy advocates say could ban such surveillance in retail settings.
New York City already has a biometric privacy law requiring disclosure—hence the signs at Wegmans stores. But disclosure is not consent. Customers are informed, not asked. The law does not give shoppers the right to enter the store without being scanned.
Other jurisdictions have gone further. Illinois’ Biometric Information Privacy Act (BIPA) requires informed written consent before collecting biometric identifiers—a significantly stronger protection. Several class action lawsuits under BIPA have resulted in substantial settlements against companies that collected facial recognition data without consent.
The Broader Trend
Wegmans is not alone. Other major retailers have tested or deployed facial recognition, including Macy’s, Lowe’s, and Albertsons. The loss prevention industry actively promotes the technology as a solution to retail theft, which has increased in recent years.
However, consumer backlash has caused some companies to pause or abandon facial recognition programmes. Rite Aid ended its facial recognition pilot in 2020. In 2023, the FTC banned the company from using the technology for five years, finding it had failed to implement reasonable safeguards and that the system produced higher false positive rates in stores located in predominantly Black and Asian communities. In 2022, Madison Square Garden drew widespread attention for using facial recognition to bar attorneys whose firms had sued the venue’s owner—demonstrating how the technology can be used in ways far removed from its stated purpose.
What Shoppers Can Do
Individual options are limited. You can choose not to shop at stores using facial recognition, but this requires knowing which stores use it—information that is not always readily available. You can contact retailers and lawmakers to express concerns. You can support organisations advocating for biometric privacy legislation.
For those in states with strong biometric privacy laws, the legal environment offers some protection. For everyone else, the current reality is that retailers can collect your faceprint simply because you walked through their doors.
Conclusion
Wegmans’ facial recognition programme represents a quiet but significant expansion of surveillance into everyday life. When buying groceries requires submitting to biometric data collection with no opt-out, the balance between security and privacy has shifted.
The company frames this as a security measure targeting known bad actors. Privacy advocates see it as infrastructure for something broader—a normalisation of facial recognition that will be difficult to reverse once established.
Whether this trade-off is acceptable depends on who you ask. What is clear is that shoppers at affected stores are not being asked. They are being informed—and their options are to accept the surveillance or shop elsewhere.
Sources
- Wegmans Statement on Facial Recognition Technology
- Gothamist: NYC Wegmans is storing biometric data on shoppers’ eyes, voices and faces
- Investigative Post: Wegmans in Buffalo surveilling shoppers, collecting reams of data
- CBS New York: Some Wegmans locations are now using facial recognition software on customers
- WXXI News: Why it matters that Wegmans and other retailers are gathering biometric data on shoppers
