Recent rulings show retailers can’t take customer privacy lightly, especially when using Facial Recognition Technology (FRT).
In September, the Privacy Commissioner found that Kmart breached privacy rules by using FRT across nearly 30 stores without proper disclosure. This follows a similar ruling against Bunnings last year, signaling closer scrutiny of retail surveillance.
Where Kmart went wrong:
- Collected sensitive biometric data without consent.
- Failed to inform customers of FRT use.
- Didn’t clearly explain data practices in privacy policies.
The Commissioner weighed the business need to prevent fraud against customer privacy and concluded that Kmart’s approach didn’t justify the privacy risks.
The fallout:
Kmart must publicly apologise and detail its FRT use online and in stores. While FRT itself isn’t banned, this case shows transparency and consent are non-negotiable.
Key takeaway for business owners:
Customer privacy isn’t optional. Ensure you only collect what’s necessary, are transparent about your practices, and properly reflect this in your policies. Protecting privacy isn’t just legal compliance – it builds trust.
Need guidance? Bolter can help you navigate privacy laws and ensure your surveillance practices are compliant and customer-friendly. Reach out to us today.