The lowest prices were just the beginning for hundreds of thousands of Australians whose facial data was captured by Bunnings without their consent. The Office of the Australian Information Commissioner (OAIC) has ruled that the retail giant breached privacy laws by using CCTV-linked facial recognition (FRT) technology to capture the face of every person who entered 63 stores in the previous three years in NSW and Victoria. November 2021. Bunnings managing director Mike Schneider said the company launched the technology to tackle shoplifting and violence in its stores and would appeal the ruling. “FRT was trialled in a limited number of Bunnings stores in Victoria and NSW between 2018 and 2021, with strict controls on its use, with the sole and clear intention of keeping team members and customers safe and preventing unlawful activity,” Schneider said in a position.
About 70 percent of the incidents were caused by “the same group of people,” the company said.
“FRT provided the fastest and most accurate way to identify these individuals and quickly remove them from our stores.” In her ruling, Privacy Commissioner Carly Kind recognized the technology’s potential to protect against crime and violent behavior. “However, any potential benefits must be weighed against the impact on privacy rights and on our collective values as a society,” she said.
The finding found that Bunnings had collected customers’ private information without consent, failed to take steps to notify them and left gaping holes in its privacy policy.
Bunnings has used facial recognition technology in its stores. Source: MONKEY / /
Kind said the technology was an intrusive option that disrupted the privacy of all customers, not just high-risk individuals. “Individuals entering the relevant Bunnings stores at the time would not have been aware that facial recognition technology was in use and especially that their sensitive information was being collected, even briefly,” she said. “We cannot change our face. The Privacy Act recognizes this and classifies our facial image and other biometric information as sensitive information, which has a high level of privacy protections, including the consent generally required to collect it.” Bunnings has been ordered not to repeat or continue this practice and must destroy all personal and sensitive information it has collected through FRT within one year. Against the backdrop of rapid technological change, the determination followed a two-year investigation and was a milestone for Australian privacy laws.
“Facial recognition technology, and the surveillance it enables, has become one of the most ethically challenging new technologies in recent years,” Kind said.
The OAIC said the ruling should remind companies of their privacy obligations and released a statement for companies considering facial recognition technology. Consumer advocate CHOICE, which raised the alarm about Bunnings’ practices more than two years ago, said the technology has only increased in use since then. “While the Office of the Information Commissioner’s decision is a strong step in the right direction, more needs to be done,” said CHOICE’s campaign and policy advisor Rafi Alam.
“CHOICE continues to call for a specific, appropriate law to hold companies accountable when they violate customer privacy.”