SYDNEY (Reuters) - Wesfarmers-owned Bunnings, the country's biggest home improvement chain, breached the privacy of thousands of customers by using facial recognition technology without gaining consent, an Australian watchdog has found.
Bunnings compared the faces of customers against individuals it had stored in a database who had been identified as having a history of past crime or violent behaviour, according to the Office of the Australian Information Commissioner (OAIC). The system automatically deleted images if no match was found.
The technology may have been an efficient and cost-effective option for Bunnings to tackle unlawful activities but that does not mean its use can be justified, Privacy Commissioner Carly Kind said in a statement.
Bunnings failed to take reasonable steps to notify individuals that their personal information was being collected and did not include required information in its privacy policy, she added. The company has been ordered to destroy all personal information and stop practices that could impact the privacy of customers.
Bunnings said it was deeply disappointed with the decision and that it would approach the Administrative Review Tribunal to seek a review.
"We believe that customer privacy was not at risk. The electronic data was never used for marketing purposes or to track customer behaviour," Bunnings Managing Director Mike Schneider said in a statement.
The facial recognition system captured details of customers who visited 63 stores in the states of Victoria and New South Wales between November 2018 and November 2021, the watchdog said.
Facial images and other biometric information are considered sensitive under Australia's privacy law, and the OAIC decision could influence how businesses might deploy facial recognition technology in the future.
In 2022, Consumer group CHOICE complained to the government agency that three retail chains, including Bunnings, were using "unreasonably intrusive" facial recognition technology.