Bunnings' facial recognition ruled to breach Australians' privacy
Occurred: 2018-2021
Page published: December 2024
Australian retailer Bunnings breached the privacy of hundreds of thousands of Australians by using facial recognition in 62 stores without their consent.
Bunnings deployed facial recognition technology via CCTV cameras in 62 stores across Victoria and New South Wales between November 2018 and November 2021.
The system captured facial images of all individuals entering these stores, processing them to create biometric profiles.
Bunnings claimed this was to identify "known and repeat offenders" and reduce theft and violence.
Australia's Office of the Australian Information Commissioner (OAIC) ruled that Bunnings' use of facial recognition was disproportionate and unnecessarily intrusive.
The regulator also said that the company had failed to adequately notify customers about the use of facial recognition, obtain consent for collecting sensitive biometric data, and implement proper privacy compliance practices.
The ruling is seen as a landmark in Australia and is likely to set a precedent for the use of facial recognition technology in Australian retail environments.
Bunnings was ordered to cease using facial recognition technology (FRT) in breach of privacy laws, destroy collected data, and publish a statement about the ruling.
The company said it would appeal the decision.
Unknown
Developer:
Country: Australia
Sector: Retail
Purpose: Improve safety; Reduce theft; Strengthen security
Technology: Facial recognition
Issue: Accountability; Consent; Privacy/surveillance; Proportionality; Transparency
November 2018. Bunnings begins rolling out the facial recognition system across selected stores in New South Wales and Victoria.
November 2021. Bunnings pauses the use of the facial recognition technology in its stores.
June 2022. Consumer group Choice flags concerns about in-store facial recognition practices to the OAIC.
October 2024. The Privacy Commissioner issues a determination stating that Bunnings breached the Australian Privacy Principles (APPs).
February 2026. The Administrative Review Tribunal (ART) rules on appeal, affirming breaches of transparency and notification but setting aside the finding that the collection was unlawful without consent.
Office of the Australian Information Commissioner. Bunnings breached Australians’ privacy with facial recognition tool
https://www.abc.net.au/news/2024-11-19/oaic-investigation-into-bunnings-facial-recognition/104613700
https://www.theguardian.com/australia-news/2024/nov/19/bunnings-facial-recognition-technology-breach-stores-ntwnfb
https://www.jdsupra.com/legalnews/australia-in-store-facial-recognition-1546748/
https://theconversation.com/bunnings-breached-privacy-law-by-scanning-customers-faces-but-this-loophole-lets-other-shops-keep-doing-it-244031
AIAAIC Repository ID: AIAAIC1839