Retail giant Kmart breached Australians’ privacy by scanning shoppers’ faces without consent, Australia’s privacy commissioner has ruled. Between June 2020 and July 2022, Kmart installed facial-recognition cameras in 28 stores to combat refund fraud.
Every customer who entered – not just suspected fraudsters – had their biometric data captured. Privacy commissioner Carly Kind said that after a three-year investigation, she found the practice was “a disproportionate interference with privacy”.
“I do not consider that the respondent [Kmart] could have reasonably believed that the benefits of the facial-recognition technology system in addressing refund fraud proportionately outweighed the impact on individuals’ privacy,” she said in a statement.
“[It was] also minimal with respect to [Kmart’s] annual revenue, which was $9.2 billion in the 2020 financial year.”
The ruling stressed that biometric data – which is considered sensitive personal information under the Privacy Act – enjoys special legal protections, and collecting it without notice or consent is a serious breach.
Kmart argued it was entitled to use the technology under an exemption in the act for tackling unlawful activity. But Kind rejected that defence, concluding the collection of biometric information from thousands of innocent customers was unjustified.
Kmart was contacted for comment. The company co-operated with the investigation and stopped operating the system in July 2022. The ruling comes as the retail sector faces a surge in theft and crime, particularly in Victoria.
Kmart has been ordered not to repeat the practice in the future and will have to publish a statement explaining its use of facial recognition technology and the regulator’s finding against it.
This is the second time the regulator has ruled against facial recognition in retail, following a similar finding against Bunnings last year – a decision that is currently under review by the Administrative Review Tribunal.
In Bunnings’ case, it captured data of customers’ faces over a three-year period and compared it against a database of individuals the company had deemed a potential risk due to past crime or violent behaviour. Its managing director Mike Schneider said stores that participated in the trial had seen a clear reduction in violent incidents.
The watchdog opened an investigation into Kmart for its use of facial-recognition technology at the same time as the Bunnings investigation. Wesfarmers, which operates Kmart, Bunnings and Officeworks, confirmed Officeworks does not use the technology.
Kind said that the findings did not mean facial-recognition technology was banned outright, but that retailers and public venues have to weigh crime prevention against customer privacy.
“These two decisions do not impose a ban on the use of facial-recognition technology,” Kind said. “Customer and staff safety, and fraud prevention, are legitimate reasons businesses might consider these technologies. However, these reasons are not a free pass to avoid compliance with the Privacy Act.”