Bunnings' facial recognition ruled to breach Australians' privacy

Occurred: 2018-2021

Australian retailer Bunnings breached the privacy of hundreds of thousands of Australians by using facial recognition in 62 stores without consent.

What happened

Bunnings deployed facial recognition technology via CCTV cameras in 62 stores across Victoria and New South Wales between November 2018 and November 2021.

The system captured facial images of all individuals entering these stores, processing them to create biometric profiles. 

Bunnings claimed this was to identify "known and repeat offenders" and reduce theft and violence.

Why it happened

Australia's Privacy Commissioner ruled that Bunnings' use of facial recognition was disproportionate and unnecessarily intrusive. 

The regulator also said  that the company had failed to adequately notify customers about the use of facial recognition, obtain consent for collecting sensitive biometric data, and implement proper privacy compliance practices.

What it means

The ruling is seen as a landmark in Australia and likely to set a precedent for the use of facial recognition technology in Australian retail environments.

Bunnings has been ordered to cease using FRT in breach of privacy laws, destroy collected data, and publish a statement about the ruling. The company plans to appeal the decision.

Facial recognition system

A facial recognition system is a technology potentially capable of matching a human face from a digital image or a video frame against a database of faces.

Source: Wikipedia 🔗

System 🤖

Operator: Bunnings customers
Developer:  
Country: Australia
Sector: Retail
Purpose: Improve safety; Reduce theft; Strengthen security
Technology: Facial recognition
Issue: Privacy

Legal, regulatory 👩🏼‍⚖️

News, commentary, analysis 🗞️

Page info
Type: Incident
Published: December 2024