Retail giant Kmart breached Australians’ privacy by scanning shoppers’ faces without consent, Australia’s privacy commissioner has ruled.
Between June 2020 and July 2022, Kmart installed facial recognition cameras in 28 stores to combat refund fraud.
Every customer who entered – not just suspected fraudsters – had their biometric data captured.
Kmart breached customers’ privacy by scanning their faces without consent, the privacy commissioner has found.Credit: Bloomberg
Privacy commissioner Carly Kind said that after a three-year investigation, she found the practice was “a disproportionate interference with privacy.”
“I do not consider that the respondent (Kmart) could have reasonably believed that the benefits of the facial recognition technology system in addressing refund fraud proportionately outweighed the impact on individuals’ privacy,” she said in a statement.
“[It was] also minimal with respect to [Kmart’s] annual revenue, which was $9.2 billion in the 2020 financial year.”
Kmart argued it was entitled to use the technology under a Privacy Act exemption for tackling unlawful activity, but Kind rejected that defence, concluding the collection of biometric information from thousands of innocent customers was unjustified.
Kmart was contacted for comment. The company co-operated with the investigation and stopped operating the system in July 2022.
Kmart has been ordered not to repeat the practice in the future, and will have to publish a statement on its website within 30 days explaining its use of facial recognition technology and the regulator’s finding against it.
This is the second time the regulator has ruled against facial recognition in retail, following a similar finding against Bunnings last year, a decision that is currently under review by the Administrative Review Tribunal.
Read the full article here
