Australian hardware chain Bunnings breached privacy with facial recognition tool, regulator says Reuters

SYDNEY (Reuters) – Wesfarmers-owned Bunnings, the country’s biggest Bunnings, breached the privacy of thousands of customers by using facial recognition technology without their consent, an Australian watchdog has found.

Bunnings compared customers’ faces with people it had stored on its database who were identified as having a history of previous crime or violent behaviour, according to the Office of the Australian Information Commissioner (OAIC). The program automatically deletes images if no matches are found.

The technology may be an effective and cost-effective option for Bunnings to tackle illegal activity but that does not mean its use can be justified, Privacy Commissioner Carly Kind said in a statement.

Bunnings failed to take reasonable steps to inform people that their personal information was being collected and did not include the required information in its privacy policy, he added. The company has been ordered to destroy all personal information and stop practices that may affect customer privacy.

Bunnings said he was very disappointed by the decision and said he would speak to the Administrative Review Tribunal for a review.

“We believe that customer privacy was not at risk. Electronic data was not used for marketing purposes or to track customer behaviour,” Bunnings Managing Director Mike Schneider said in a statement.

The facial recognition system captured details of customers who visited 63 stores in the states of Victoria and New South Wales between November 2018 and November 2021, the dog said.

Facial images and other biometric information are considered sensitive under Australian privacy law, and the OAIC’s decision could influence how businesses may use facial recognition technology in the future.

In 2022, consumer group CHOICE complained to the government that three stores, including Bunnings, were using “unreasonable” facial recognition technology.