Australia’s privacy commissioner has ruled that retail giant Kmart broke privacy laws by using facial recognition technology on its shoppers.
The privacy breaches took place between June 2020 and July 2022, when Kmart rolled out its facial recognition technology in 28 stores across the country to combat refund fraud and theft.
The ABC reports that during that period, the retailer captured the faces of tens or hundreds of thousands of customers located either at store entrances or refund counters.
The technology worked by scanning the faces of all customers — not just those suspected of fraud — and crosschecking their facial data against a database of people who had committed refund fraud in stores.
Kmart’s use of facial recognition prompted a three-year investigation, the results of which were delivered by privacy commissioner Carly Kind earlier today.
Kind found that Kmart’s use of facial recognition technology was both disproportionate and non-consensual, and put customers at “risk of commercial surveillance, discrimination, [and] unlawful or arbitrary arrest”.
The investigation pointed to Kmart’s $9.9 billion revenue in 2020 as evidence that its response to theft through facial technology was “disproportionate” given the “small” number of fraudulent incidents.
Kind said facial technology is only “partially suitable” for preventing fraud, and rejected Kmart’s previous argument that it didn’t need consent because the organisation reasonably believed they needed to collect personal information to tackle unlawful activity, in line with an exemption in the Privacy Act.
Kmart was ordered to not repeat the process — which it stopped when the investigation was launched in 2022 — in the future, and to issue a statement disclosing its prior use of the technology on its website within 30 days.
In a statement a Kmart spokesperson said the retailer was “disappointed” by the findings and may review its options to appeal.
“Like most other retailers, Kmart is experiencing escalating incidents of theft in stores, which are often accompanied by anti-social behaviour or acts of violence against team members and customers,” the spokesperson said, per The Age.
The spokesperson said images of customers were “only retained if they matched an image of a person of interest”, and that Kmart “remains committed to finding tools to reduce crime in our stores”.
In her findings, Kind said the decision does not outright ban the use of facial recognition in stores, but prompts retailers to weigh crime prevention with customer privacy.
A separate investigation into Bunnings’ use of facial recognition technology is currently under review by the Administrative Review Tribunal.
Lead image: iStock
The post Kmart Breached Privacy Laws By Using Facial Recognition Tech To Combat Refund Fraud appeared first on PEDESTRIAN.TV .
