Choice Report on the use of facial recognition technology in stores.

Australia’s leading consumer advocacy group Choice has revealed that major retailers may be in breach of privacy laws using facial recognition technology in their stores. The Good Guys, Kmart, and Bunnings have been condemned by the group for not providing enough transparency about how the data they collect from their customers is used.

Whilst the three retail giants have maintained that the use of facial recognition software in their stores is to prevent theft, Choice has likened the collection of ‘faceprints’ to collecting DNA or fingerprints and stresses that customers must be better informed about the use of these technologies whilst they shop. The Privacy Act 1988 (Act) currently regulates the collection and use of most personal information, requires retailers to inform customers of the collection of personal information, and disclose how data is stored and what kind of data is collected. The Act doesn’t however regulate non-identifiable data.

Choice’s research survey reveals that 76% of respondents are unaware that these retailers even use facial recognition and 78% expressed concerns over how the data was stored. Whilst Kmart and Bunnings provide notice outside of their stores in the form of small and discrete signage and within their online privacy policies, they have been criticised for not implementing more visible forms of public notification which would allow customers to give informed consent to the capturing of their faceprint.

The potential for misuse of this data may include targeted advertising to induce consumers to buy more (similar to cookies on electronic devices), the use of identity data to extract information from social media and perform an unauthorised risk analysis based on the credit scores of an individual, and the merging of identity data with financial, economic, social, and political data. As cybercrime becomes an increasing concern and threat to the Australian public, individuals must be afforded the option to choose what data about themselves should be made available.

More broadly, how do we prevent targeted advertising and the “personalised experience” from eliminating choice and autonomy over our lives, particularly for vulnerable individuals influenced by addictive products and services, misinformation or extremist content? The unregulated use of facial recognition (and other biometric) software raises other questions. How is this information shared with police? Would unsecure storage have implications, for example, in identifying victims of domestic violence to their abusers?

NSWCCL backs Choice’s referral of these retailers to the Office of the Australian Information Commissioner and urges an investigation of whether the use of this technology is appropriate, proportionate, and in alignment with current laws. It also supports Choice’s push for the federal government to create a legal framework that will provide protection for consumers against invasive and harmful practices.

Read more here.

*UPDATEThe Office of the Australian Information Commissioner (OAIC) confirmed last week it had opened a probe into facial recognition technology, focusing on how the retail giants handle customers’ personal information. NSWCCL welcomes this development.