BusinessRegulatory

Privacy commissioner finds Kmart breached privacy laws with FRT 

Kmart store
Kmart deployed FRT between June 2020 and July 2022 at 28 stores. (Source: Bigstock)
By Sean Cao

Kmart has breached privacy laws by collecting customer information through facial recognition technology (FRT) designed to tackle refund fraud, privacy commissioner Carly Kind finds.

Kmart deployed FRT between June 2020 and July 2022 to capture the faces of people entering 28 of its stores. The company said this was an attempt to identify individuals committing refund fraud.

According to the commissioner, Kmart did not notify shoppers or seek their consent about the collection of their biometric information, which is sensitive personal information protected by the Privacy Act.

There is an exemption in the Act that applies when organisations reasonably believe that they need to collect personal information to tackle unlawful activity. However, the commissioner said the information of every individual who entered a store was “indiscriminately” collected by Kmart’s FRT system.

Considering that the FRT system impacted on the privacy of many thousands not suspected of refund fraud, the collection of biometric information was a disproportionate interference with privacy, she continued.

The commissioner added that there were other less privacy-intrusive methods available to Kmart to address refund fraud.

“Understanding how FRT accords with the protections contained in Privacy Act requires me to balance the interests of individuals in having their privacy protected, on the one hand, and the interests of entities in carrying out their functions or activities, on the other,” Kind said.

“I do not consider that Kmart could have reasonably believed that the benefits of the FRT system in addressing refund fraud proportionately outweighed the impact on individuals’ privacy,” she added.

To reach the conclusion, the commissioner had considered factors including the estimated value of fraudulent returns, the limited effectiveness of the FRT system, and the extent of the privacy impacts.

The determination is the second issued by the Office of the Australian Information Commissioner (OAIC) on the use of FRT. Last October, the privacy commissioner also found that Bunnings Group had contravened privacy laws through their use of FRT in 62 stores.

Recommended By IR

David's Bridal CEO Kelly Cook standing in front of a rack holding several bridal dresses.
Strategy IR Pro

VIDEO: Kelly Cook on connecting with customers on an emotional level

Nicole Kirichanskaya
Walmart store sign
Supermarkets IR Pro

Behind Walmart’s e-commerce win: Logistics, memberships and a tariff storm

Michael Baker
Image of Freedom Furniture storefront.
Strategy

Freedom Furniture sold to Amart as Greenlit Brands continues divestment strategy

Darshana Gupta
Pop Mart jewellery Popop store
Openings & closings

Pop Mart launches jewellery concept store

Casey Hall
Shopping centres & malls IR Pro

Why visiting a mall in Thailand feels more like sightseeing than shopping

Irene Dong
EsteeLauder-Leonard-Lauder
Health & beauty

Estee Lauder chairman passes away at 92

My Nguyen
Are you sure you want to leave?
Yes, leave this page Stay
You have 7 articles remaining. Unlock 15 free articles a month, it’s free.