Australia’s privacy commissioner Carly Kind has confirmed she will not appeal a tribunal ruling that allows hardware retailer Bunnings to use facial recognition technology to identify banned individuals entering its stores.
The decision follows a ruling last month by the Administrative Review Tribunal (ART) that overturned an earlier determination by the Office of the Australian Information Commissioner (OAIC), which had found Bunnings’ use of the technology breached privacy laws.
The tribunal concluded the retailer could deploy facial recognition systems for the purpose of detecting previously banned customers and preventing unlawful behaviour inside stores.
Kind said the deadline to appeal the ruling had now passed and her office would not pursue further legal action.
However, she stressed the tribunal decision should not be interpreted as broad approval for widespread deployment of facial recognition technology across the retail sector.
“Retailers should view the decision as a useful case study, rather than a green light for deployment of biometric technologies,” Kind said.
Balancing privacy and public safety
The privacy commissioner said the tribunal’s ruling clarified how Australia’s Privacy Act can apply when businesses attempt to balance privacy rights with safety concerns.
“The tribunal’s decision shows that Australian privacy law allows for the balancing of competing interests – the individual and public interests in privacy on the one hand, and the need to protect public safety and address unlawful activity on the other,” she said.
Bunnings introduced the facial recognition system as part of security measures aimed at preventing repeat incidents involving customers who had been banned from its stores.
Retailers have increasingly explored biometric technology as a tool to reduce theft, violence and other forms of disruptive behaviour in large retail environments.
“High bar” for biometric technology
Despite the tribunal ruling, Kind warned that organisations considering similar technology would still face strict legal requirements under Australian privacy law.
She said companies must undertake detailed risk assessments before deploying facial recognition systems and carefully assess whether their use is proportionate and necessary.
“There will still be a high bar for the use of facial recognition technology in Australia,” she said.
The privacy regulator also confirmed it would update its official guidance to reflect the tribunal’s decision and provide clearer information to retailers seeking to understand how the law applies to emerging biometric technologies.
The debate over facial recognition technology has intensified globally as governments and regulators weigh the benefits of improved security against concerns about mass surveillance and the collection of sensitive biometric data.
