FB pixel

Australian privacy commissioner puts facial recognition on watch in new plan

OAIC seeks to grow regulatory functions as overseer and evangelist for digital ID
Australian privacy commissioner puts facial recognition on watch in new plan
 

Australia’s Office of the Information Commissioner (OAIC) is prioritizing its role as privacy regulator for the country’s digital ID system, according to its newly released corporate plan for the next three years.

“We will be undertaking work to ensure Australians’ privacy is protected as the Digital ID system is expanded,” the document says. “Digital ID will allow Australians to verify their identity online in a secure, convenient and voluntary way while reducing the amount of personal information that needs to be shared.”

The role involves a bit of a balancing act, in that OAIC is promising to be both watchdog and shepherd, helping stakeholders understand digital ID privacy standards with published resources and direct support – even as they police violations.

“The OAIC will foster community trust in and uptake of Digital ID through our new role as privacy regulator for the system,” it says, noting that digital identity will eliminate the need to share and store of identity documents, thereby reducing “a significant source of risk in Australians’ digital lives.”

On the other hand, it will also “provide assurance to the community of the privacy protections in the Digital ID system by using our range of enforcement powers to ensure individuals’ privacy is protected.” A later section in the document outlines the OAIC’s newly honed harm-focused and risk-based approach to regulation.

Biometrics among new technologies OAIC intends to flex on

The plan also includes some of the finer details on Australia’s digital ID rollout. The organization will “ensure there are strong privacy safeguards for people who choose to use Digital ID with an accredited provider. Digital ID will have a phased roll out of the government system to non-government participants.”

Outside of digital ID, the OAIC’s general move to grow its regulatory functions and powers also extends to so-called “emergent technologies” that have “a large impact on privacy,” including facial recognition and AI. It notes, as others have, that these technologies offer new benefits but also bring new risks.

Some offenders have already drawn the regulatory’s increasingly watchful eye. The OAIC is investigating the personal information handling practices of certain corporate entities linked to high-profile data breaches, and is “also investigating Bunnings and Kmart, focusing on the companies’ use of facial recognition technology.”

Regulator finally happy with 7-Eleven after facial recognition fiasco

Australia’s 7 News reports that the office recently wrapped up an investigation into 7-Eleven’s use of facial recognition technology, which came after the retailer was determined to be in breach of the Privacy Act in capturing 1.6 million faces on tablets, ostensibly for customers to offer feedback. Recorded faces were sent to an unnamed third party service provider, which used software to generate “an encrypted algorithmic representation of the face (face print) in the form of a string of characters.”

The provider then ran the faceprint through two processes: a “Detect API” that “assessed and recorded inferred information about the customer’s approximate age and gender” for broad demographic profiling; and a “Similarity API”, which “looked for faceprints that were similar” to weed out repeat survey respondents.

While 7-Eleven promised to stop the practice, “the controversial technology within the customer survey tablets was activated again in stores throughout 2023, and captured an additional 45,874 faces.” In a rather doubtful reassurance, the OAIC found that the second implementation was an accident triggered by an update by the third party provider, and that neither 7-Eleven nor the provider knew face biometrics were still being collected.

The OAIC is now satisfied that 7-Eleven “has implemented practices and procedures to prevent any further recurrence of the conduct and undertaken a review of its privacy practices to enhance the protection of personal information that it holds.”

However, it also notes – once again – that it intends to keep a watchful eye on facial recognition in general, calling it “a regulatory priority for the agency,” and likely to remain so for a long time.  “Work in this space is complex and lengthy, and the volume is expected to increase as the OAIC continues to prioritize our regulatory effort based on risk of harm to the community.”

Related Posts

Article Topics

 |   |   |   |   | 

Latest Biometrics News

 

Biometrics race for the borders

Biometrics to ease border crossings are a major theme of the week among Biometric Update’s most-read articles of the week….

 

US election likely to be a missed opportunity to advance digital ID policy

The 2024 U.S. election represents an opportunity for social dialogue around digital identity policy in the wake of a series…

 

India to pilot Digi Yatra for foreign nationals in 2025

India is planning an international pilot project for June 2025 that will see the introduction of facial recognition technology beyond…

 

Papua New Guinea advances digital ID, wallet and govt platform to pilot

Papua New Guinea has stood up a new digital ID, wallet and online government platform, and plans to pilot them…

 

UK police organized crime unit seeks new facial recognition software

The UK’s main law enforcement agency against organized crime is looking into new facial recognition solutions, as the country doubles…

 

The EUDI Wallet was not meant for age assurance: AVPA

The European Union should not look at the EU Digital Identity (EUDI) Wallet as an age-assurance solution to keep minors…

Comments

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Most Read This Week

Featured Company

Biometrics Insight, Opinion

Digital ID In-Depth

Biometrics White Papers

Biometrics Events