Australian watchdog says budget retailer Kmart breached privacy with facial recognition tech

Audio By Carbonatix

(Reuters) -An Australian regulator has found Wesfarmers’ budget department store Kmart breached privacy by collecting personal and sensitive information via a facial recognition technology system designed to combat refund fraud, it said on Thursday.

The Office of the Australian Information Commissioner (OAIC) found that Kmart did not notify shoppers or seek their consent to use the technology to collect their biometric information.

The watchdog said that Kmart deployed the technology to capture the details of every customer who entered 28 of its retail stores between June 2020 and July 2022.

According to the OAIC, Kmart argued it was not required to obtain consent because of an exemption in the Privacy Act that applies when organisations believe they need to collect personal information to tackle unlawful activity.

Kmart and Wesfarmers did not immediately respond to Reuters’ requests for comment.

Facial images and other biometric information are considered sensitive under Australia’s privacy laws, and the OAIC determination is instructive for businesses considering the deployment of new technologies like facial recognition.

“Customer and staff safety, and fraud prevention and detection are legitimate reasons businesses might have regard to when considering the deployment of new technologies. However, these reasons are not…a free pass to avoid compliance with the Privacy Act,” Privacy Commissioner Carly Kind said in a statement.

The determination is the second issued by the OAIC on the use of facial recognition technology in retail settings. Last year, the regulator found that Wesfarmers-owned home improvement chain Bunnings breached the privacy of thousands of customers by using the tool without gaining consent.

(Reporting by Nikita Maria Jino in Bengaluru; Editing by Rashmi Aich)