The language is far from reassuring. Despite being caught red handed using facial recognition technology unbeknownst to customers, a number of Australia’s large retail companies have given a meek assurance that they will “pause” their use. The naughty will only show contrition in the most qualified of ways.
It all began with an investigation by CHOICE which found that the department store chain Kmart, and household warehouse chain Bunnings, were using FRT to ostensibly protect customers and staff while reducing theft in select stores. The group also found a third retailer, The Good Guys, had not lived up to its distinctly smug name, using technology that stores the unique biometric information of its customers.
According to the investigation, 25 major Australian companies were asked whether they used FRT and how their privacy policies stacked up. Based upon the findings, the three big culprits were identified.
FRT navigates some rather treacherous terrain. There is the broader question of privacy and issues of consent. CHOICE consumer data advocate Kate Bower put her finger on the issue by noting that the privacy policies of such companies were usually buried in vast online undergrowth and “often not easy to find.” Given the operating nature of such stores – being in person and retail – it was also unlikely that anyone was “reading a privacy policy” before entering.
At some of their outlets, Kmart and Bunnings did sport signs at entrances informing customers that such technology was being used. There are also prevailing problems with bias and racial discrimination. The evident concern here was that the signs themselves were barely noticeable to patrons, placed in strategically innocuous spots. For any toiling student seeking to understand the law of contract and the incorporation of contractual terms, such signs are virtually worthless in drawing attention to any individual entering the store.
In a survey of over 1,000 Australians between March and April this year, CHOICE found a general lack of awareness about the nature of the technology being used. Three out of four (76%) claimed with less than blissful ignorance they did not know retailers were using facial recognition. Those who did smell a rat identified the wrong parties – namely supermarket chains Coles and Woolworths.
The percentage of those surveyed claiming that retail stores should disclose to customers about the use of FRT before entering the store was 83% while 78% expressed concern about the security of any faceprint data secured by the companies.
Bunnings has, unsurprisingly, accused CHOICE of misrepresenting their case. In the carefully chosen words of chief operating officer Simon McDowell, such “technology is used solely to keep team and customers safe and prevent unlawful activity in our stores, which is consistent with the Privacy Act.”
Through the annals of history, when laws are breached and principles are violated, the principle of necessity gets saddled up and ridden into debates. In this case, its staff who might be endangered by reprobates (“repeat abuse and threatening behaviour,” McDowell calls it), or customers who need protection when going about their shopping. And even when used, there are “strict controls around the use of the technology which can only be accessed by [a] specially trained team.”
Bunnings managing director, Mike Schneider, reiterates the security element of the enterprise. FRT aided in identifying banned customers and undesirables. “We don’t use it for marketing or customer behaviour tracking, and we certainly don’t use it to identify regular customers who enter our stores as CHOICE has suggested.”
On July 12, the Office of the Australian Information Commissioner (OAIC) announced that it was opening investigations into the way personal information is handled by Kmart and Bunnings, with specific reference to the use of FRT. The body’s director of strategic communications, Andrew Stokes, explains that biometric information, as collected by FRT, “is sensitive personal information under the Privacy Act.”
https://www.youtube.com/watch?v=E4eZHtXmiTg
Any organisation that falls within the operation of the Privacy Act 1988 (Cth) is not entitled to collect sensitive information in the absence of consent from the individual. Any information gathered must also be reasonably necessary for the organisation’s functions or activities.
Consent and the law have not always been on the best of terms. Often strangers, they sometimes converge, or miss each other altogether. In terms of Australian privacy law, hardly impressive and often disappointing in its lack of bite, the OAIC will note the following elements to determine whether genuine consent was given to the use of FRT: whether the individual was adequately informed before granting consent; whether it was done voluntarily; whether it was current and specific; and whether the individual had the capacity to comprehend and communicate that consent.
The reaction from the three retail outlets has, for the most part, been tactical, and more likely a case of waiting for the OAIC’s verdict. According to Bower, “customers will welcome the news that Bunnings and Kmart are joining The Good Guys in pausing the use of facial recognition technology in their stores, but we know that what customers really want is for them to stop using it altogether.” To do so would be very much against the ill-spirited nature of Australian corporate culture, as privateering as any that can be found on this warming planet. They may have been bruised and slightly embarrassed, but they are unlikely to be compliant.
[textblock style=”7″]
Like what we do at The AIMN?
You’ll like it even more knowing that your donation will help us to keep up the good fight.
Chuck in a few bucks and see just how far it goes!
Your contribution to help with the running costs of this site will be gratefully accepted.
You can donate through PayPal or credit card via the button below, or donate via bank transfer: BSB: 062500; A/c no: 10495969
[/textblock]
“pausing”
In other words, they’ll stop until thhe furore has died down and then it’s back to business as usual.
In terms of the last nine years, for businesses to collect millions of faces, ostensibly, to recognise a few shop thieves, is acceptable. What other purposes is up to the business, also reflects the LNP ethos.
Till collateral damage is considered before action, I suppose sunglasses masks and zinc cream, with alternating vertical, horizontal and oblique streaks, might be effective?
So I lack imagination – for the life of me I cannot understand what use biometric or FR data is to a retail business unless there is a dark side like laying out the store so that you have to walk the greatest distance to buy common stuff (ref: IKEA). Can somebody please help.
Somehow I read this scenario in ”1984”.
I really appreciate this contribution Binoy.
I visited Woolworth’s supermarket on 31 July 2022 at Montague Road, West End in Brisbane. I noticed that new technology had been added to the automatic check-out machines while I was away in Europe for just six weeks.
I sent a polite email to the CEO of Woolworths with a copy to Woolworth’s media on this issue prior to my departure but received no reply.
I have also approaches Police Media on this issue. It was claimed that such practices are within the limits of current legislation. This story will require a lot of investigation from multiple sources.
Woolworth’s staff claim to be unaware of just what happends to their storage of photographic data and refuse to fess up about which security firm handles this customer data from the check-out cameras. In some stores, there seems to be multiple security involvement from Woolworth’s security staff, centre management and unknown security firms who process the data at a central location well outside the offending stores.
Readers should give positive feedback to Bunnings about the firms decion to remove the offensive technology. I was able to do that yesterday. There is also a shortage of suppy of some items due to the previous governments antics with the supply line from China.
This is an issue worth investigating. It is in the traditions of 1984 as state and territory government have given to green light to corporates to continue this nonsense to the glee of global security firms.
In Q, there are varying degrees of tolerance by security firms towards customers. Do note the P/R from Asset College at North Lakes in comparison. It has no hesitation about proclaiming financial support offered through government funding. Details are all on the College web site.
The Q state protective services group and the very major security firms seems seem to be more aware of civial liberties concerns than the minor providers. However, nothing is certain because of the veil of secrecy which surrounds this industry.
The problem will take a lot of hard-work to unravel in the interests of readers who should become involved in generating feedback through AIM Network.
As a MEAA member I detest the intrusion of US security practices here and in Europe. In Europe, security guards in stores often carried revolvers , tazers and occasionally truncheons for good measure.
At one place in France, mandarins were available on the street and had fallen from a sudden thunderstorm. As it was coolish, I entered a small supermarket looking for packet soup which was not available in the store.
A security guard, individually checked customers before a right of passage to the non-automatic check-out was allowed. I was asked about the offending mandarin because the security staffer noted a bulge in my pocket.
Most Australians would detest this example of French hospitality to customers here.
Do take note of this offending secuity at every store that you support and stand up for your limited or non-existant rights.