Obtaining consent to collect facial recognition data ‘impractical,’ says Bunnings

One of Australia’s most high profile court cases over facial recognition in retail continues to see volleys exchanged between the Office of the Australian Information Commissioner (OAIC) and major hardware retailer Bunnings.

The OAIC says Bunnings Group breached Australian privacy laws by collecting personal and sensitive information in the form of face biometrics at store locations without the consent of those being recorded.

The system of CCTV cameras equipped with facial recognition capabilities was installed in 63 stores. Bunnings says it captured face data and compared it against a database of customers flagged for abusive behavior.

The latest appeal from Bunnings Group says it’s “unreasonable or impracticable” for it to obtain individuals’ consent to collect facial recognition data. MLex reports on court documents in which Bunnings argues its collection of biometric data didn’t breach Australian privacy, citing exemptions under the 1988 Privacy Act.

Specifically, the retailer claims that Australian Privacy Principle 3.3, or APP 3.3, doesn’t apply because a “permitted general situation” existed under section 16A of the act. Bunnings says it suspected “serious unlawful activity or misconduct related to its operations and believed data collection was necessary to respond appropriately.” Moreover, it says it’s just not practical to obtain consent to collect face biometrics, but that data collection is “necessary to prevent a serious threat to an individual’s life, health or safety or to public safety more broadly.”

In effect, it says the people it monitored were suspicious characters – the kinds that have been caught on video punching and threatening Bunnings staff – and as a result, it wasn’t “reasonable or appropriate” to notify them of the data collection. It also claims it has taken reasonable steps to ensure compliance with privacy laws.

Information Commissioner Carly Kind has essentially responded by saying, “bring it on,” noting to MLex that Bunnings legal challenge would “help to add clarity to the application of provisions under the Privacy Act.” The OAIC has spoken of shifting to a more “harm-focused approach” and more robust enforcement of biometric data privacy law.

Despite the tough talk, there is significant public support for facial recognition in retail from the Australian public. A poll conducted by news.com.au revealed that 78 percent of nearly 11,000 respondents supported Bunnings’ use of the controversial program, calling it an “important tool.”

Article Topics

Australia  |  biometric data  |  biometrics  |  data collection  |  facial recognition  |  Office of the Information Commissioner (OAIC)  |  retail biometrics  |  video surveillance