Retail giant Kmart has been found to have breached the Privacy Act with its facial recognition program, three years after a CHOICE expose revealed the invasive technology was in use across Australia.
In 2022, CHOICE reported that Kmart, along with Bunnings and The Good Guys were capturing the biometric data, or unique facial features known as a 'face print', of customers entering their stores.
Our investigation prompted the Office of the Australian Information Commissioner (OAIC) to launch a probe into whether privacy laws had been breached with the Facial Recognition Technology (FRT).
In 2024, Privacy Commissioner Carly Kind found that Bunnings had breached the law and today an announcement was made that Kmart had done so too.
Kmart sought to justify its use of FRT in stores between June 2020 and July 2022 as a measure to prevent refund fraud. However, the Commissioner said Kmart did not seek customer consent to collect biometric information and its collection was not proportional, as there were other means available to address refund fraud.
"I do not consider that the respondent (Kmart) could have reasonably believed that the benefits of the FRT system in addressing refund fraud proportionately outweighed the impact on individuals' privacy," Kind says.
No penalty
OAIC did not seek a financial penalty against Kmart in this case, similar to the case with Bunnings last year.
In a statement a Kmart spokesperson says they are "disappointed" with the ruling and are reviewing options to appeal the determination.
"Like most other retailers, Kmart is experiencing escalating incidents of theft in stores which are often accompanied by anti-social behaviour or acts of violence against team members and customers," the spokesperson says.
Commissioner Kind says that despite the two rulings against Bunnings and now Kmart, FRT was not 'banned' in Australia.
"The human rights to safety and privacy are not mutually exclusive; rather, both must be preserved, upheld and promoted. Customer and staff safety, and fraud prevention and detection, are legitimate reasons businesses might have regard to when considering the deployment of new technologies. However, these reasons are not, in and of themselves, a free pass to avoid compliance with the Privacy Act," she stated.
We're on your side
For more than 60 years, we've been making a difference for Australian consumers. In that time, we've never taken ads or sponsorship.
Instead we're funded by members who value expert reviews and independent product testing.
With no self-interest behind our advice, you don't just buy smarter, you get the answers that you need.
You know without hesitation what's safe for you and your family. And our recent sunscreens test showed just how important it is to keep business claims in check.
So you'll never be alone when something goes wrong or a business treats you unfairly.
Learn more about CHOICE membership today
Stock images: Getty, unless otherwise stated.
