The Office of the Australian Information Commissioner is investigating how Kmart and Bunnings handle personal information, specifically facial recognition technology, writes Dr Binoy Kampmark.
THE LANGUAGE is far from reassuring. Despite being caught red-handed using facial recognition technology potentially unbeknownst to customers, several of Australia’s large retail companies have given a (qualified) meek assurance that they will “pause” their use.
It all began with an investigation by Australian consumer advocacy group CHOICE which found that the department store chain Kmart and household warehouse chain Bunnings, were using facial recognition technology (FRT) to ostensibly protect customers and staff while reducing theft in select stores.
The group also found a third retailer, The Good Guys, had not lived up to its distinctly smug name, using technology that stores the unique biometric information of its customers.
According to the investigation, 25 major Australian companies were asked whether they used FRT and how their privacy policies stacked up. Based on the findings, the three big culprits were identified.
FRT navigates some rather treacherous terrain. There is the broader question of privacy and issues of consent.
CHOICE consumer data advocate Kate Bower put her finger on the issue by noting that the privacy policies of such companies were usually buried in vast online undergrowth and 'often not easy to find'.
Given the operating nature of such stores – being in person and retail – it was also unlikely that anyone was “reading a privacy policy” before entering. There are also prevailing problems with bias and racial discrimination.
At some of their outlets, Kmart and Bunnings did sport signs at entrances informing customers that such technology was being used. The evident concern here was that the signs themselves were barely noticeable to patrons, placed in strategically innocuous spots. For any toiling student seeking to understand the law of contract and the incorporation of contractual terms, such signs are virtually worthless in drawing attention to any individual entering the store.
In a survey of over 1,000 Australians between March and April this year, CHOICE found a general lack of awareness about the nature of the technology being used. Three out of four (76%) claimed with less than blissful ignorance they did not know retailers were using facial recognition. Those who did smell a rat identified the wrong parties — namely supermarket chains Coles and Woolworths.
The percentage of those surveyed, claiming that retail stores should disclose to customers the use of FRT before entering the store, was 83%, while 78% expressed concern about the security of any faceprint data secured by the companies.
Bunnings has, unsurprisingly, accused CHOICE of misrepresenting its actions. In the carefully chosen words of chief operating officer Simon McDowell, such:
“... technology is used solely to keep team and customers safe and prevent unlawful activity in our stores, which is consistent with the Privacy Act [1988].”
Through the annals of history, when laws are breached and principles are violated, the principle of necessity gets saddled up and ridden into debates.
In this case, the staff might be endangered by reprobates (“repeat abuse and threatening behaviour” McDowell calls it), or customers who need protection when going about their shopping. And even when used, there are “strict controls around the use of the technology which can only be accessed by [a] specially trained team”.
Bunnings managing director, Mike Schneider, reiterates the security element of the enterprise — FRT aided in identifying banned customers and undesirables.
Schneider told 9News:
"We don’t use it for marketing or customer behaviour tracking and we certainly don’t use it to identify regular customers who enter our stores as CHOICE has suggested."
Consent and the law have not always been on the best of terms.
On 12 July, the Office of the Australian Information Commissioner (OAIC) announced that it was opening investigations into the way personal information is handled by Kmart and Bunnings, with specific reference to the use of FRT.
The body’s director of strategic communications, Andrew Stokes, explains that biometric information, as collected by FRT, 'is sensitive personal information under the Privacy Act [1988].'
Any organisation that falls within the operation of the Privacy Act 1988 is not entitled to collect sensitive information without consent from the individual. Any information gathered must also be reasonably necessary for the organisation’s functions or activities.
Consent and the law have not always been on the best of terms. Often strangers, they sometimes converge or miss each other altogether.
In terms of Australian privacy law – hardly impressive and often disappointing in its lack of bite – the OAIC will note the following elements to determine whether genuine consent was given for the use of FRT: whether the individual was adequately informed before granting consent; whether it was done voluntarily; whether it was current and specific, and whether the individual had the capacity to comprehend and communicate that consent.
The reaction from the three retail outlets has, for the most part, been tactical and more likely a case of waiting for the OAIC’s verdict.
According to Bower:
'... customers will welcome the news that Bunnings and Kmart are joining The Good Guys in pausing the use of facial recognition technology in their stores, but we know that what customers really want is for them to stop using it altogether.'
To do so would be very much against the ill-spirited nature of Australian corporate culture, as privateering as any that can be found on this warming planet.
These businesses may have been bruised and slightly embarrassed, but (in doing what customers really want) they are unlikely to be compliant.
Dr Binoy Kampmark was a Cambridge Scholar and is a lecturer at RMIT University. You can follow Dr Kampmark on Twitter @BKampmark.
Support independent journalism Subscribe to IA.