
Bunnings facial recognition violates Australian privacy laws, says OAIC

Australia’s privacy watchdog has ruled that Bunnings breached Australian privacy laws through its use of facial recognition cameras.

Daniel Croft
Tue, 19 Nov 2024

In a media release, the Office of the Australian Information Commissioner (OAIC) said its investigation revealed that during a facial recognition technology (FRT) trial that ran from November 2018 to November 2021, Bunnings CCTV captured the face of anyone who entered 63 Bunnings stores in NSW and Victoria, adding that the company likely collected the facial data of “hundreds of thousands of individuals”.

Bunnings, which the OAIC said has cooperated fully throughout the investigation, said the use of FRT was for the purpose of protecting its staff, customers, suppliers and other individuals from those it had recognised as a risk.

The company collected facial data to compare with faces captured of those it deemed could perform criminal acts or be violent or aggressive.


However, despite recognising the benefits of FRT in improving safety within stores, privacy commissioner Carly Kind has concluded that Bunnings breached the Privacy Act by collecting sensitive biometric data without customer consent, not including required information in its privacy policy and failing to inform individuals that their data was being collected.

“Individuals who entered the relevant Bunnings stores at the time would not have been aware that facial recognition technology was in use and especially that their sensitive information was being collected, even if briefly,” said Kind.

“We can’t change our face. The Privacy Act recognises this, classing our facial image and other biometric information as sensitive information, which has a high level of privacy protection, including that consent is generally required for it to be collected.”

Kind also said Bunnings failed to take reasonable steps to comply with the Privacy Act by implementing relevant systems and procedures.

“Facial recognition technology may have been an efficient and cost-effective option available to Bunnings at the time in its well-intentioned efforts to address unlawful activity, which included incidents of violence and aggression. However, just because a technology may be helpful or convenient, does not mean its use is justifiable,” said Kind.

“In this instance, deploying facial recognition technology was the most intrusive option, disproportionately interfering with the privacy of everyone who entered its stores, not just high-risk individuals.”

As per its right, Bunnings is seeking review of the decision, according to a statement by Bunnings managing director Mike Schneider.

“The trial demonstrated the use of FRT was effective in creating a safer environment for our team members and customers, with stores participating in the trial having a clear reduction of incidents, compared to stores without FRT,” said Schneider.

“We also saw a significant reduction in theft in the stores where FRT was used. We believe that customer privacy was not at risk. The electronic data was never used for marketing purposes or to track customer behaviour.

“Unless matched against a specific database of people known to, or banned from stores for abusive, violent behaviour or criminal conduct, the electronic data of the vast majority of people was processed and deleted in 0.00417 seconds – less than the blink of an eye.”

In the OAIC press release, Kind acknowledged the potential for FRT to be incredibly helpful but said its benefits must outweigh its impact on privacy.

“Facial recognition technology, and the surveillance it enables, has emerged as one of the most ethically challenging new technologies in recent years,” Kind said.

“We acknowledge the potential for facial recognition technology to help protect against serious issues, such as crime and violent behaviour. However, any possible benefits need to be weighed against the impact on privacy rights, as well as our collective values as a society.”

Daniel Croft


Born in the heart of Western Sydney, Daniel Croft is a passionate journalist with an understanding for and experience writing in the technology space. Having studied at Macquarie University, he joined Momentum Media in 2022, writing across a number of publications including Australian Aviation, Cyber Security Connect and Defence Connect. Outside of writing, Daniel has a keen interest in music, and spends his time playing in bands around Sydney.
