The use of facial recognition technology by retailers is to be examined by the Office of the Australian Information Commissioner (OAIC) to determine if the use of technology to collect personal information about other people complied with the privacy law.
Following information provided by the consumer advocacy group CHOICE, the OAIC Australian Information Commissioner and Privacy Commissioner Angelene Falk said that when shop owners were deciding whether to use technology to collect personal information, it was important they consider its impact on privacy, the community’s expectations and the need to comply with privacy law.
“The Privacy Act generally requires retailers to only collect sensitive biometric information if it’s reasonably necessary for their functions or activities, and where they have clear consent,” Commissioner Falk said.
“While deterring theft and creating a safe environment are important goals, using high privacy impact technologies in stores carries significant privacy risks,” she said.
“Retailers need to be able to demonstrate that it is a proportionate response to collect the facial templates of all of their customers coming into their stores for this purpose.”
Commissioner Falk said the OAIC commissioned a survey in 2020 which found that the majority of Australians were uncomfortable with the collection of their biometric information in a shop or a retail store, with 52 per cent uncomfortable and only 25 per cent comfortable.
“In line with community attitudes, retailers should consider whether they can achieve their goals in a less privacy intrusive way,” she said.
The Commissioner said that in December last year, the OAIC made a submission to the Attorney-General’s Department’s review of the Privacy Act 1988 recommending the Act be amended to prohibit commercial uses of “one-to-many” facial recognition technology, with limited public interest exceptions.
She said the OAIC also recommended the introduction of a requirement that all personal information handling was fair and reasonable.