Sydun & Co Solicitors

Facial Recognition Technology: What about privacy?

Three large Australian retailers are currently under fire from the Office of the Australian Information Commissioner (“OAIC”), Australia’s privacy watchdog, for breach of privacy laws.

Bunnings, The Good Guys and Kmart have all been put on notice by the OAIC for using facial recognition technology in their stores without sufficient, or any, consent from shoppers.

Facial recognition technology is technology capable of identifying a person by analysing their facial features and mapping a person’s facial features, such as the distance between their eyes. It then matches this to images or footage stored in its database.

The privacy issue is the collection and storage of personal data without the knowledge or consent of the individual.

Prior to these events, Australian privacy law has failed to keep up with advancing technology and there are currently no provisions expressly dealing with facial recognition control.

Instead, the law adopted a more general “cost-benefit” approach regarding the collection of personal information. The organisation would need to demonstrate that collection of this data would serve a legitimate business function that is proportionate to the privacy impact it creates.

Businesses using this technology argue that the legitimate business function is safety, theft prevention and minimisation of anti-social behaviour in stores.

What this interpretation fails to consider is the sensitive nature of biometric data which in turn causes a proportionately greater impact on privacy.

This has raised the question, should consent be sought passively or proactively?

These Australian retailers would seek consent passively through vague or small signage located at the store’s entrance or within the organisation’s lengthy privacy policy. It means that consent is obtained by merely providing an individual with an opportunity to object.

However, it seems unlikely that the average shopper would notice, let alone review a privacy policy on their own volition prior to entering a store.

It is now argued that consent should be obtained proactively whereby an individual has to provide express consent to the collection of their biometric data.

Accordingly, these retailers have since paused the use of facial recognition technology while the OAIC investigates their personal information handling practices.

Australia’s Privacy Act is now under review by Mark Dreyfus, the Attorney General, which could include reforming the Privacy Act into line with Australian Consumer Law potentially effecting a drastic increase in fines for corporations in breach of privacy laws.

Despite a lack of legislation, it appears that public pressure alone has led to 17 major Australian retailers, including Woolworths and Coles, publicly announcing that they do not use facial recognition technology and have no plans to introduce it in the future.


Level 6, 162 Goulburn Street, Surry Hills NSW 2010

(02) 9283 2355 | |

More To Explore