Hitachi revealed as Bunnings’ facial recognition supplier at OAIC appeal hearing

Details about the facial recognition system Australian retailer Bunnings deployed for theft prevention are emerging from an Administrative Review Tribunal hearing as the chain appeals the ruling that it violated the country’s privacy laws.

Hitachi supplied the face biometrics technology, MLex reports.

The Office of the Australian Information Commissioner (OAIC) published Commissioner Carly Kind’s verdict that Bunning’s use of facial recognition violated rules against collecting personal information with meeting the informed consent requirements laid out in Australia’s Privacy Act.

At the five-day tribunal hearing, lawyers representing Bunnings argued that the personal information in question is the facial photos the biometric templates are derived from, and those photos are deleted immediately after the templates are generated. As such, they are not stored, and therefore don’t qualify for the informed consent requirement.

Bunnings’ lawyer Ruth Higgins outlined the five steps in Hitachi’s facial recognition process, in which only vectors are stored in the database, and human intervention is not involved at any stage. The OAIC’s judgement was not about the use of CCTV cameras, Higgins said, but rather the biometric system.

The lawyer representing the OAIC argued that even if deleted very quickly, the images were still stored by the system, and therefore the Act’s requirements apply to it.

A day later, a former Bunnings security chief said the company’s staff manually double-checked alerts from the system before approaching customers, according to a separate report from MLex.

The two sides also presented contrasting views of whether exceptions to the Act in the form of “permitted general situations” apply. Bunnings argues that even if it did store images, an exception applies because their purpose is to protect staff from violent customers. The OAIC’s side argued that the “extreme circumstances” required for such an exception were not present.

The retailer has also suggested that requiring it to obtain consent from every customer is “unreasonable.”

Lawyers for the OAIC also questioned Bunnings’ claims that theft incidents have increased, arguing the number of incidents per store had fallen.

“We can’t emphasize enough that we used FRT for the sole and clear intent of keeping our team and customers safe, and preventing unlawful activity by repeat offenders,” Bunning Group Managing Director Mike Schneider says in a video published to explain the company’s reasoning in using the technology and challenging the OAIC’s ruling.

Kind has made clear subsequent to her rulings against Bunnings and Kmart that she does not see the Privacy Act as actually prohibiting facial recognition use in public spaces, arguing that it merely sets a high bar for consent.

Article Topics

Australia  |  biometric template  |  biometrics  |  data privacy  |  facial recognition  |  Hitachi  |  Office of the Information Commissioner (OAIC)  |  retail biometrics