These Popular Retailers Are Being Investigated Over ‘Unethical’ Use Of Facial Recognition Tech
Kmart #Kmart
CHOICE has launched an investigation into Kmart, Bunnings and The Good Guys after it learned they appear to be using (and storing!) facial recognition data of customers in their stores. In case you needed another reason to wear a mask.
CHOICE asked 25 Aussie retailers if they use facial recognition data and analysed their privacy policies. Based on both their policies and responses, it seems only Kmart, Bunnings and The Good Guys were actually capturing faceprints (AKA the unique biometric data of your face).
The companies’ privacy policies can be found online, but as CHOICE consumer data advocate Kate Bower pointed out, “because we’re talking about in-person retail shops, it’s likely that no one is reading a privacy policy before they go into a store.”
The Good Guys’ policy says cameras may capture an image of someone’s face to track them through the store and it may be stored for future visits. It justifies this as “strictly for the purposes of security and theft prevention and managing/improving customer experiences at our store”. Sighs in surveillance capitalism.
CHOICE staff actually went to Kmart, Bunnings and The Good Guys to suss out if they had signs alerting customers of the data storing. It turns out Kmart and Bunnings did, but the signs were “small” and “inconspicious”. In Kmart’s condition of entry sign, which warns customers that bags must be presented to staff for checking, it also says the store has “24-hour CCTV coverage, which includes facial recognition technology”.
CHOICE reckons that because most customers would probably miss these small signs, “the collection of biometric data in such a manner may be in breach of the Privacy act”.
“The use of facial recognition by Kmart, Bunnings and The Good Guys is a completely inappropriate and unnecessary use of the technology,” Bower said.
“Discreet signage and online privacy policies are not nearly enough to adequately inform shoppers that this controversial technology is in use. The technology is capturing highly personal data from customers, including infants and children.”
While Kmart and The Good Guys didn’t respond to CHOICE’s questions about why they think its appropriate to use facial recognition technology in their stores, Bunnings did.
Bunnings’ chief operating officer Simon McDowell told CHOICE facial recognition technology prevents theft and “poor behaviour”.
“At selected stores our CCTV systems utilise facial recognition technology, which is used to help identify persons of interest who have previously been involved in incidents of concern in our stores,” he said. So, don’t shoplift at Bunnings kids.
“We let customers know about our use of CCTV and facial recognition technology through signage at our store entrances and also in our privacy policy, which is available on our website.
“It’s really important to us that we do everything we can to discourage poor behaviour in our stores, and we believe this technology is an important measure that helps us to maintain a safe and secure environment for our team and customers.”
So, is this all legal?
It can be, but only if it meets certain requirements.
Your biometric information is considered “sensitive data”, which means there’s a much higher standard for how and why it’s kept. According to the Privacy Act, a company needs a pretty good reason to collect it, and those reasons need to outweigh the harm involved in storing such important info.
“Using facial recognition technology in this way is similar to Kmart, Bunnings or The Good Guys collecting your fingerprints or DNA every time you shop,” CHOICE’s Kate Bower said, per news.com.au.
“Businesses using invasive technologies to capture their customers’ sensitive biometric information is unethical and is a sure way to erode consumer trust.”
Hence CHOICE’s investigation.
“We believe that these retail businesses are disproportionate in their over collection of this information, which means that they may be in breach of the Privacy Act,” Bower said.
“We intend to refer them to the Information Commissioner on that basis.”
Whether or not these companies are found to be breaching the privacy act, I think there’s one important thing we can take away from this: wear a goddamn mask.