CHOICE raises privacy concerns around biometrics capture

A new report from CHOICE shows that Kmart, Bunnings and The Good Guys are using facial recognition technology instore, raising privacy concerns.

The consumer advocacy group asked 25 leading Australian retailers if they were using the technology and additionally analysed their privacy policies. CHOICE says based on the responses and policies, the three named retailers are the only organisations that are currently capturing customers' biometric data.

According to CHOICE consumer data advocate Kate Bower, most retailer privacy policies are only found online.

"Most of these privacy policies you have to search for online, and they're often not easy to find," Bower said.

"But because we're talking about in-person retail shops, it's likely that no one is reading a privacy policy before they go into a store."

The investigation included store visits by CHOICE staff members, and found that both Kmart and Bunnings posted small, inconspicuous physical signs at store entrances which most shoppers were likely to miss. The group suggests that collection of biometric data in this manner may be in breach of the Privacy Act.

Shoppers unaware of data capture

Earlier this year, CHOICE conducted a survey of 1000 Australians to gauge awarness of facial recognition usage. More than three-quarters (76%) of respondents were unaware that the technology was being used by retailers. 83% believe customers should be informed of the use of facial recognition before they enter the store, while 78% expressed concerns about secure storage of the data. Almost two-thirds (65%) expressed concern about stores using the technology to customer create profiles.

Privacy concerns

According to Bower, the Privacy Act considers biometric information, including unique faceprints, to be sensitive data, which attracts application of a higher standard than other types of personal information.

"It requires that your collection of that information has to be suitable for the business purpose that you're collecting it for, and that it can't be disproportionate to the harms involved," she said. 

"We believe that these retail businesses are disproportionate in their over-collection of this information, which means that they may be in breach of the Privacy Act

"We intend to refer them to the Information Commissioner on that basis."

According to CHOICE, the Attorney General is currently conducting a five-year review of the Privacy Act, which Bower says presents opportunity to strengthen measures around the capture and use of consumer data, including biometrics. She suggests that irrespective of whether retailers are in breach of the Act by capturing faceprints, clearer and stronger regulations are required around obtaining and using facial recognition data, as well as customer consent.

Image credit: ©stock.adobe.com/au/zapp2photo