Login
iscover
Share this article on:
Powered by
MOMENTUM
MEDIA
Powered by MOMENTUMMEDIA
Australia’s Privacy Commissioner has called the use of FRT by a popular department store chain a “disproportionate interference with privacy”.
The Office of the Australian Privacy Commissioner has found that Kmart Australia Limited’s use of facial recognition technology (FRT) to counter refund fraud was, in fact, a breach of the Privacy Act.
“Understanding how FRT accords with the protections contained in Privacy Act requires me to balance the interests of individuals in having their privacy protected, on the one hand, and the interests of entities in carrying out their functions or activities, on the other,” privacy commissioner Carly Kind said in an 18 September statement.
“Relevant to a technology like facial recognition is also the public interest in protecting privacy.”
Kmart rolled out FRT between June 2020 and July 2022, capturing the faces of every shopper who entered one of its 28 stores, as well as anyone who presented an item at a store’s returns counter.
The commissioner found that Kmart did not seek the consent of its customers, nor give notice of the practice, with regard to collecting their biometric information, which is considered sensitive personal information under the Privacy Act. Kmart argued that the use of FRT was justified and that it did not need to seek consent as there is an exemption within the act regarding organisations that feel they need to act to handle unlawful conduct.
However, the commissioner found that Kmart’s response was disproportionate and indiscriminate.
“I do not consider that the respondent (Kmart) could have reasonably believed that the benefits of the FRT system in addressing refund fraud proportionately outweighed the impact on individuals’ privacy,” Kind said.
This is the second time the Office of the Australian Information Commissioner (OAIC) has made such a determination, with Bunnings being the first. The OAIC found that the popular hardware chain had breached the Privacy Act in 2024, when it used FRT in its 62 retail locations; however, the ruling is currently under review.
“These two decisions do not impose a ban on the use of FRT. The human rights to safety and privacy are not mutually exclusive; rather, both must be preserved, upheld and promoted,” Kind said.
“Customer and staff safety, and fraud prevention and detection, are legitimate reasons businesses might have regard to when considering the deployment of new technologies. However, these reasons are not, in and of themselves, a free pass to avoid compliance with the Privacy Act.”
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.
Be the first to hear the latest developments in the cyber industry.
