Bunnings has defended its use of facial recognition technology (FRT) in stores by releasing confronting CCTV footage of violent customer incidents.
The hardware giant said it used the technology to protect staff against “serious” crimes and violent interactions allegedly perpetrated by a “small number of known and repeat offenders”.
Compilation footage of customers threatening Bunnings staff members with weapons and physically attacking them was released following findings by the Office of the Australian Information Commissioner (OAIC).
Bunnings said the incidents were examples of incidents that have taken place across the entire store network in Australia and New Zealand.
It used facial recognition technology in a trial across stores in NSW and Victoria and said the “vast majority of people was processed and deleted in 0.00417 seconds”.
Privacy commissioner Carly Kind said Bunnings breached The Privacy Act by collecting personal information from customers without consent in the stores between November 2018 and November 2021.
Bunnings would then compare the facial images against past customers who were identified as a risk due to past criminal or violent behaviour.
“Facial recognition technology may have been an efficient and cost-effective option available to Bunnings at the time in its well-intentioned efforts to address unlawful activity, which included incidents of violence and aggression,” Kind said in a statement.
“However, just because a technology may be helpful or convenient, does not mean its use is justifiable.”
Kind said Bunnings chose the “most intrusive option” and interfered with the privacy of everyone who crossed the threshold of those stores in that period, not just high-risk individuals.
She also determined Bunnings did not display enough transparency while using the facial recognition technology.
“Individuals who entered the relevant Bunnings stores at the time would not have been aware that facial recognition technology was in use and especially that their sensitive information was being collected, even if briefly,” Kind added.
“We can’t change our face.
“The Privacy Act recognises this, classing our facial image and other biometric information as sensitive information, which has a high level of privacy protection, including that consent is generally required for it to be collected.”
The OAIC ruling said while governance shortcomings contributed to this, Bunnings did not take reasonable steps to comply with the Privacy Act.
It said Bunnings had been “cooperative throughout the investigation” and had paused the use of facial recognition software during the investigation.
Bunnings was ordered to not repeat or continue acts and practices which interfere with individual privacy.
It was also made to destroy all sensitive information collected by the technology that it holds after one year and has been ordered to publish a statement acknowledging the findings.
“This decision should serve as a reminder to all organisations to proactively consider how the use of technology might impact privacy and to make sure privacy obligations are met,” Kind added.
In a statement, Bunnings managing director Mike Schneider said the retailer would seek a review of the determination.
“We had hoped that based on our submissions, the Commissioner would accept our position that the use of FRT appropriately balanced our privacy obligations and the need to protect our team, customers, and suppliers against the ongoing and increasing exposure to violent and organised crime, perpetrated by a small number of known and repeat offenders,” Schneider said.
“The Commissioner acknowledged that FRT had the potential to protect against serious issues, such as crime and violent behaviour. This was the very reason Bunnings used the technology.
He added: “Everyone deserves to feel safe at work. No one should have to come to work and face verbal abuse, threats, physical violence or have weapons pulled on them.”