Bunnings breached privacy laws by using facial recognition on customers, Commissioner finds – Everything Law and Order Blog

Retail giant Bunnings has breached privacy laws by using facial recognition technology on its customers, according to a landmark finding by the Privacy Commissioner.

Today’s decision is the result of a two-year investigation by the regulator.

“Individuals who entered the relevant Bunnings stores at the time would not have been aware that facial recognition technology was in use and especially that their sensitive information was being collected, even if briefly,” Australian Privacy Commissioner Carly Kind said.

The case is expected to have major implications for how Australian businesses use the technology in future.

“Facial recognition technology, and the surveillance it enables, has emerged as one of the most ethically challenging new technologies,” Commissioner Kind said.

The Privacy Commissioner found Bunnings interfered with the privacy of hundreds of thousands of customers across 62 of its New South Wales and Victorian stores, between November 6, 2018 and November 30, 2021.

The regulator said Bunnings did not gain proper consent to use the technology on them.

The company has been ordered not to repeat the practice in the future and destroy the personal and sensitive information that was collected within a year.

Bunnings will have to publish a statement on its website within 30 days explaining what it did wrong, how it was using the technology, and provide advice to customers on how to make a complaint.

“This decision should serve as a reminder to all organisations to proactively consider how the use of technology might impact privacy,” Commissioner Kind said.

How Bunnings was using facial recognition

Facial recognition technology captures and stores people’s unique “faceprints”, which are considered highly sensitive biometric data under Australian privacy law.

The national regulator for privacy, the Office of the Australian Information Commissioner (OAIC), said Bunnings was using a system that scanned the faces of customers in store and cross-checked them against a list of “enrolled individuals” who it knew or suspected had been a security risk in the past, either by behaving violently or stealing.

In cases where the system found a match, an alert was generated.

Bunnings told investigators that when there wasn’t a match, the customer’s facial data was collected but then automatically deleted within an average of 4.17 milliseconds.

The exterior of a Bunnings Warehouse building, the logo is green, red and white

Bunnings used the technology in more than 60 stores between 2018 and 2021. (ABC News: Billy Cooper)

The unique nature of facial data means it is considered highly sensitive under Australian privacy law, and special consent is therefore required.

“We can’t change our face,” Commissioner Kind said.

“Any possible benefits [of facial recognition technology] need to be weighed against the impact on privacy rights.”

The practice first came to the attention of the OAIC when consumer advocacy group Choice revealed in 2022 that Bunnings, Kmart and The Good Guys were using facial recognition technology in stores.

All three stores halted the practice in the wake of Choice’s report.

Kmart is also being investigated by the regulator for in-store use of facial recognition technology, but a finding is yet to be made.

The regulator ultimately didn’t proceed with an investigation into The Good Guys.

Good security or overkill? Why businesses use facial recognition tech

When Bunnings’ use of facial recognition technology was first exposed managing director Mike Schneider said Choice had “mis-characterised” the issue.

“When we have customers berate our team, pull weapons, spit, or throw punches, we ban them from our stores — but a ban isn’t effective if it’s hard to enforce,” he said at the time.

“Facial recognition gives us a chance to identify when a banned person enters a store so we can support our team to handle the situation before it escalates.”

Similarly, Kmart said using the technology to prevent criminal activity was legitimate.

A man faces the camera wearing the Bunnings uniform

Bunnings managing director Mike Schneider said the stores that used the technology saw a reduction in theft. (Supplied: Bunnings)

The Privacy Commissioner gave consideration to the security benefits, but ultimately decided it didn’t justify the invasion of privacy.

“Just because a technology may be helpful or convenient, does not mean its use is justifiable,” Commissioner Kind said.

“In this instance, deploying facial recognition technology was the most intrusive option, disproportionately interfering with the privacy of everyone who entered its stores, not just high-risk individuals.”

Bunnings is seeking a review of the OAIC decision, saying it was “deeply disappointed” with the determination.

Mr Schneider said the company’s use of facial recognition technology was “never about convenience or saving money but was all about safeguarding our business and protecting our team, customers, and suppliers”.

He said 70 per cent of Bunnings’ in-store incidents were caused by the same group of people, and that facial recognition proved the fastest and most accurate way of identifying and quickly removing these individuals.

Mr Schneider says stores are seeing “increasing exposure to violent and organised crime” and if just one person could be protected from trauma the use of facial recognition would be “justifiable”.

The retailer maintains customer privacy was not at risk.

“The electronic data was never used for marketing purposes or to track customer behaviour,” he said.

Loading…

RSS Feed Source link

By elboriyorker

HOSTING BY PHILLYFINESTSERVERSTAT | ANGELHOUSE © 2009 - 2024 | ALL YOUTUBE VIDEOS IS A REGISTERED TRADEMARK OF GOOGLE INC. THE YOUTUBE CHANNELS AND BLOG FEEDS IS MANAGED BY THERE RIGHTFUL OWNERS. POST QUESTION OR INQUIRIES SEND ME AN EMAIL TO elboriyorkeratgmailcom (www.phillyfinest369.com)

Leave a Reply