Kmart's use of facial recognition to tackle refund fraud unlawful
6 hours ago
- #retail
- #privacy
- #facial_recognition
- Kmart Australia breached privacy by using facial recognition technology (FRT) to collect biometric data without consent.
- FRT was deployed in 28 stores from June 2020 to July 2022 to combat refund fraud, capturing faces indiscriminately.
- The Privacy Commissioner found the collection disproportionate, citing less intrusive alternatives and limited effectiveness.
- Kmart argued an exemption under the Privacy Act for tackling unlawful activity, but the Commissioner rejected this claim.
- This follows a similar ruling against Bunnings in 2024 for FRT use in 62 stores, currently under tribunal review.
- The decisions emphasize balancing privacy rights with business needs, without banning FRT outright.
- The OAIC provides guidance on assessing privacy risks for FRT, stressing proportionality and transparency.
- Kmart ceased FRT use in 2022 and cooperated with the investigation.