Bunnings Group has breached Australians’ privacy by collecting hundreds of thousands of individuals personal and sensitive information without consent, the Australian government found.
The leading home improvement retailer operated CCTV facial recognition technology in at least 62 stores in Victoria and New South Wales over three years. The company failed to notify its customers that their personal information was being collected in its privacy policy between November 2018 and November 2021.
Privacy Commissioner Carly Kind said in a statement: “Facial recognition technology, and the surveillance it enables, has emerged as one of the most ethically challenging new technologies in recent years.”
“In this instance, deploying facial recognition technology was the most intrusive option, disproportionately interfering with the privacy of everyone who entered its stores, not just high-risk individuals,” said Commissioner Kind.
Bunnings said it was using individuals’ facial images for its database by helping to identify individuals that pose a risk in its stores, either from past criminal incidents or violent behaviour.
The Wesfarmers-owned retailer has since paused its use of facial recognition technology during the investigation and Bunnings has been ordered by the Commissioner to cease breaching individuals’ privacy and destroy all information collected.
Kind said this instance should be a reminder to all organisations to consider how using technology might impact people’s privacy and ensure privacy obligations are being met.
According to the government, facial images and other forms of biometric information are sensitive information under the Privacy Act and sensitive information has a higher level of privacy protection than other personal information.
Wesfarmers (ASX: WES) closed at $71.17 on November 19 and has a market cap of $23.69 billion.