Australia’s favourite hardware chain has been found guilty of breaching customer privacy by scanning the faces of everyone entering the store.
In 2022, Bunnings was ousted as one of the country’s many retailers employing facial recognition tech in stores to track customers by checking the face of every Aussie entering the store and checking them against a database of banned buyers.
Supposedly implemented to crack down on theft and store violence, this scanning tech captured images of people’s faces from video cameras at the entrance – such as CCTV footage – to compile a unique customer “faceprint” that would be compared against those flagged on their database.
For the customers not in the database, that profile would be deleted about four milliseconds after checking.
But with only a few small signs at the store entrance announcing the implementation of facial scanning, the tracking tech quickly garnered backlash from customers and sparked an investigation from the Office of the Australian Information Commissioner.
Officers found that the tech had been deployed at 63 stores between November 2018 and November 2021 – likely capturing hundreds of thousands of people.
The privacy commissioner, Carly Kind, found Bunnings collected sensitive information without consent and failed to take reasonable steps to notify people their information was being collected.
“Facial recognition technology may have been an efficient and cost-effective option available to Bunnings at the time in its well-intentioned efforts to address unlawful activity, which included incidents of violence and aggression,” she said.
“However, just because a technology may be helpful or convenient does not mean its use is justifiable. In this instance, deploying facial recognition technology was the most intrusive option, disproportionately interfering with the privacy of everyone who entered its stores, not just high-risk individuals.”
According to the Commissioner, facial recognition technology has emerged as one of the most ethically challenging new technologies in recent years and companies like Bunnings need to watch closely how it’s used.
“We acknowledge the potential for facial recognition technology to help protect against serious issues, such as crime and violent behaviour. However, any possible benefits need to be weighed against the impact on privacy rights, as well as our collective values as a society.
“We can’t change our face. The Privacy Act recognises this, classing our facial image and other biometric information as sensitive information, which has a high level of privacy protection, including that consent is generally required for it to be collected,” she added.
As a result of the ruling, Bunnings has been ordered to not repeat or continue the acts and practices that led to the interference with individuals’ privacy.
Bunnings bites back
But Bunnings isn’t taking the decision lying down. Managing director Mike Schneider said the hardware chain is seeking a review of the decision, claiming that the tech had been directly responsible for cracking down on in-store crime and violence against employees.
“We had hoped that, based on our submissions, the commissioner would accept our position that the use of FRT [facial recognition technology] appropriately balanced our privacy obligations and the need to protect our team, customers and suppliers against the ongoing and increasing exposure to violent and organised crime, perpetrated by a small number of known and repeat offenders,” he said.
Schneider claimed that 70 per cent of store incidents were caused by the same group of people, but it was impossible to enforce bans on people given the high number of visitors, arguing that facial recognition tech (FRT) provided the fastest and most accurate way to identify problem individuals.
He said that during the trial, stores implementing the tech created “safer” environments for both employees and staff than other locations, supposedly without putting customer privacy at risk.
“The electronic data was never used for marketing purposes or to track customer behaviour. Unless matched against a specific database of people known to, or banned from stores for abusive, violent behaviour or criminal conduct, the electronic data of the vast majority of people was processed and deleted in 0.00417 seconds–less than the blink of an eye.”
To hammer home their argument for store safety, Bunnings released several videos of CCTV footage to the media of shocking incidents involving customers flagged by the database assaulting staff members, threatening store-goers with weapons and even committing armed robbery at gunpoint.
@nzstuff Bunnings has released CCTV footage depicting violent attacks on staff and even nudity in an attempt to defend its use of facial recognition technology without customers' consent. #bunnings #cctv #nz #australia #nzstuff ♬ original sound – NZstuff
“FRT was an important tool for helping to keep our team members and customers safe from repeat offenders. Safety of our team, customers and visitors is not an issue justified by numbers,” added Schneider
“Everyone deserves to feel safe at work. No one should have to come to work and face verbal abuse, threats, physical violence or have weapons pulled on them.”