Life Tech Kmart, Bunnings stick with in-store facial recognition despite probe

Kmart, Bunnings stick with in-store facial recognition despite probe

Twitter Facebook Reddit Pinterest Email

Kmart and Bunnings will keep using controversial in-store facial recognition technology, despite another major retailer abandoning it amid an ongoing privacy probe.

Choice lodged a complaint with the Office of the Australian Information Commissioner earlier this month after revealing retailers’ use of facial recognition.

Choice said most Australian shoppers were unaware of the technology’s use, with some telling the group they found it “creepy and invasive”.

Also included in Choice’s complaint was electronics retailer The Good Guys, which confirmed on Tuesday that it would pause its trial of the tech in two Melbourne stores during the investigation.

Kmart and Bunnings, however, have doubled down on their programs, with a leading cyber intelligence expert lashing them for a “lack of disclosure”.

No way out

Representatives from Bunnings and Kmart, both owned by Wesfarmers, told The New Daily on Wednesday they would continue using facial recognition technology in their stores.

Both companies have previously said they believe the use is legal.

On Wednesday, they refused to answer repeated inquiries about which stores had the technology, how long it had been in use, and where data was stored.

University of the Sunshine Coast cyber intelligence lecturer Dr Dennis Desmond said it was concerning that customers had no way to ‘opt out’ of such data collection.

“The problem I have with the use of those technologies is … a lack of disclosure to the individuals captured on video or still within a store [about] the retention of the data [and] how the data is actually going to be used,” he said.

“I do think it’s incredibly sensitive. And I think that patrons should have the option of opting out, or at least having the data removed upon their departure from the store.”

‘No need’

The Good Guys said it had planned to use the data to “review incidents of theft and for the purposes of customer and team member safety and wellbeing”.

Bunnings and Kmart’s privacy policies both note facial recognition is for “loss prevention or store safety purposes”.

Dr Desmond said he saw “no need” for retailers to use facial recognition analysis to prevent theft.

“Historically … in the event that there is an incident, [footage] is turned over to law enforcement, who would then identify the perpetrators,” he said.

“I’m not sure that it’s up to individual retailers to identify criminals and perpetrators. That’s a law enforcement function.

“While they certainly want to be able to collect the evidence, there’s no need for them to actually perform identity resolution or facial recognition on that data.”

facial recognition
Dr Desmond says concerns about retailers’ use of facial recognition technology are “absolutely” warranted.

Painting a bigger picture

Dr Desmond said the data collected by such technology could be used for everything from tracking consumer behaviour to tailoring marketing.

“Technology has advanced to a point where it’s in use by some organisations to be able to identify frequency of shopping [and] marketing, by identifying which aisles the persons are actually perusing and which products they’re looking at,” he said.

He said the data could be paired with other information about customers, such as payment methods and mobile phone data.

“It absolutely could be used for a variety of applications to include even affecting whether or not we’re granted loans or health insurance [by identifying] risky behaviour,” he said.

Representatives from Kmart and Bunnings declined to comment on whether data was being shared with third parties.

Dr Desmond said a closer look was needed at the connections both companies had with other businesses to understand what else the data could be used for.

“It’s hard to say unless you actually look into the company’s contract connections with other companies, or whether they disclose data-sharing processes and procedures,” he said.

Outpacing legislation

Following Choice’s complaint, the OAIC is investigating whether Kmart, Bunnings and The Good Guys have breached the 1988 Privacy Act.

Dr Desmond said it was “typical” for technology to outpace legal and policy frameworks.

“It’s not until the public raises the alarm and expresses concern about privacy and personal rights that changes to policy and legislation occur,” he said.

Although the technology could be ahead of its time, Dr Desmond said there were questions for the retailers about collecting, storing and using customers’ data.

“Is it being stored locally? Is it being stored off site? How is it being transmitted? Is it being stored in an encrypted format? Or is it in plain digital text or binary that could potentially be breached? If it’s being shared? How is it being shared? How often?

“Data has great value. And the retention of this aggregated data that’s been analysed and created into a package is an absolute goldmine to criminals and to nation states.”

Just the beginning

This sort of technology could soon become the norm in public locations – unless legislation prohibits it from coming into effect.

“We’ll continue to see the use of advanced technologies to include artificial intelligence, machine learning, and various types of collection and reporting, until we see legislation that specifically prohibits either the collection or the sharing and retention of that kind of data,” Dr Desmond said.