Bunnings Breached Privacy Laws by Using Facial Recognition on Customers, Privacy Commissioner Finds

Pretty poor form from Bunnings/Hammerbarn.

In short
A landmark decision by the Privacy Commissioner has found hardware chain Bunnings breached privacy laws by using facial recognition technology on its customers.
Retailers argue the technology helps prevent theft, but the Privacy Commissioner says Bunnings did not gain proper consent to capture people's unique biometric data.

What's next?
The Commissioner has ordered Bunnings not to repeat the behaviour and to destroy all personal information collected.

ABC article

Shame there won’t be a financial penalty.

Comments

    • +1

      Totally agree.

      What sort of example does it set when a company does the right thing for its employees and good customers, and the only people who are inconvenienced are shoplifters and ones who are violent, and the company is punished.

      • Our broken injustice system only serves criminals and their interests and the taxpayers/businesses and victims who fund this system are largely forgotten about. This system is self perpetuating and continues to feed itself by allowing the lawyers, magistrates and judges who all have their snouts in the trough to prosper at the expense of victims. The whole system needs to be investigated yesterday and magistrates and judges who have a history of failing to protect the public should be sacked immediately and prosecuted for failing in their duty.

  • LOL…what a media beat up.

    Oh no, won't you please think of the sawn-off shotgun wielding thugs. They have the right to privacy too.

    Yeah, nah.

    • Yeah cos they'll come in with their faces exposed.

  • +2

    Well done Bunnings - giving safety as top priority for its staff. Hope they can sort whatever the breach is with the commission and continue the facial recognition in all stores.
    People complaining should look into their Apple and Android devices.

    • +1

      They can still use CCTV which is everywhere.

      People complaining should use GrapheneOS for their phones.

  • -2

    Ahaahahahahahahahahaha only losers and weirdos in real life are against this. Ahahahaahaha imagine you are affected because camera is recognising your face on a Public. Ffs ahahaahahah

    Never go to Singapore and China too. Ahahah

    • -4

      Ikr? It’s the winged aggressive looking bogan tradies driving utes in mullets that complain 😂

    • Camera "recording" and "software recognising" are different things.

  • for once it doesn't bother me so much, it's for theft, they aren't changing prices based on me showing up, I don't take my mistresses or conduct illegal activities in Bunnings, and can't imagine a scenario in which it would be detrimental. All my neighbours have security cams up, floodlights pointing on their driveway, it doesn't seem to matter (while it would be illegal and torn down in most of Europe). meh - maybe emergency departments and hospitals should do this too

  • The problem is data aggregation. If it was just for safety, they could just record normally.
    With facial recognition they have your face and payment method - easy to add in your socials, they record cars & number plates so they add that, note family and friend associations. Hover time with certain products, average spend, probable wealth etc. etc.
    In no time there is a massive, accurate file on you.

    • +1

      Not sure why you’d be negged. Very valid and already in the works (in other places). People forget the protections established to prevent indirect discrimination in mortgages.
      People also seem to think our faces would not merely sit in Bunnings databases… they will inevitably be leaked and the associated data exploited. Identity theft… deepfake scams…

      • probably because he added a lot of irrelevant information as did you. The data was not being aggregated or stored, it wasn't being matched against anything except the known offenders and then deleted. So nothing to leak or associate or create deepfakes. Your picture is already stored on thousands of security camera recorders everywhere, that presents far more risk than what they were doing here.

        • Until they decide to send data elsewhere for data-matching services and automation, made available by third parties.

          And if they are not already sharing it. Which (it seems from the findings), the privacy commissioner has failed to ask- along with exactly how many parties are actually able to connect to the devices in the CCTV and FRT system, let alone access the data they provide, emit, and store. Or to consider whether Bunnings' controls (as in place at the start) were appropriate from the perspective of the customers from which the data was stolen.

          Of course all that is assuming the IoT devices they use are not somehow compromised, and are appropriately maintained and checked, to ensure they remain secure and do not leak data.

        • @gromit How do you know that?
          There are all kinds of possibilities that open up with facial recognition. For example, they may hash the key data points of your face data and store that but not 'technically' store the image, like they do with credit and debit cards and then keep that data and match it for marketing. They do that every day.
          Cameras with facial recognition bring a world of new marketing possibilities.

          • @King Tightarse: well I can only go by what the report said and what Bunnings said. If you think the privacy commissioner and Bunnings are all lying then I think that is on you to prove.

            • @gromit: It is a well crafted PR release with an emphasis on the employee safety angle.
              I am talking about what is possible and what might happen. I am not saying it definitely is but it opens up the possibility and Bunnings are not saying. Did you ever hear Flybuys say "oh yes we hash your credit card numbers and the match data wherever you shop over our network?"
              You might hear Coles say 'we never keep credit card numbers' , but that is misleading because they do hash the numbers and store them but no press release will ever mention it.

              • @King Tightarse: Sure, they could also put up auto cannons and mow down suspected shoplifters. They could do lots of things, but that is why we have laws about what they can and cannot do. This one fell on a very hazy line where what they are doing appears logical and to comply with the law, however the commissioner took a different view. Personally in this case I see Bunnings as in the right, if they do something different next time that view may change.

                • @gromit: ' they could also put up auto cannons and mow down suspected shoplifters'
                  C'mon Gromit that is a ridiculous statement and in no way match to the real world examples I gave.

                  Flybuys are doing it right now and have been for years with credit card data. It is no stretch at all to suggest they would do it with hashed facial recognition data too. It happens in many other places. There is a strong precedent and obvious advantages for them.

                  Also they may well have one position regarding the data now to get customers used to it and then change their approach after a few years.
                  That also would be quite possible as people get used to the idea.

                  • @King Tightarse: Your real world examples were also a blatant breach of laws so yes it is as realistic. If a company wants to breach laws then absolutely go after them, but pretending "oh shit they are evil as they theoretically 'could' do X or Y" is just dumb.

                    • @gromit: My Coles and Flybuys examples are actual not theoretical! They are not breaching any current laws that I know of.
                      Nothing 'dumb' about discussing reasonably likely possibilities with other stores.
                      https://www.smh.com.au/technology/coles-reveals-customers-da…

                      • @King Tightarse: Coles and Flybuys you have given permissions for them to use your data in this way. When you sign up it is in their privacy and terms of use that they get to use your data that way and hence are not a breach as you have allowed them to do that by signing up. Were they to do that without permission it would absolutely be a breach.

                        • @gromit: Yes that's true. It is hidden deep in the terms of service - most people do not read it or realise what is actually happening with their data when they tick 'yes' to the T&S with a simple click

                          • +1

                            @King Tightarse: absolutely true. still if people want to care about their privacy then that is on them for not reading those terms. I seem to be one of the rare people that actually read all the T's & C's for insurance, contracts, privacy, security, data sharing etc. If people don't care enough to read then they have no one to blame but themselves.

  • The spin is that it protects staff, but it could also be used to track staff. Just imagine what AI could do with it. Orwell, what can you do?

  • -1

    Wow I was born with inbuilt facial recognition, hope I don’t get asked to destroy all the data in my brain

    Some of the assistants at the shops recognise me. That’s a gross breach of privacy laws, remembering my biometric data and name like that.

    Even the guy next door recognises me. I never gave him permission to do that.

    • You can’t be serious…
      You’re drawing an analogy between the ordinary memory of individuals and sophisticated facial recognition / behavioural analytics?

      • sophisticated facial recognition / behavioural analytics

        Hate to break it to you but humans have been doing that for millennia

        • -1

          And humans have been attacking each other for millennia too.

          Do you mean to suggest that the coming robot army is fine, because it will only do what we've been doing to each other all this time?

          Or that it is okay for Corporations to remotely attack entire cohorts/populations?

          • @resisting the urge: I don’t go out in public and expect or tolerate being attacked, so no, the robot army can go home.

            On the other hand, I have no problem showing my face in public and totally expect to be recognised or judged, in fact humans are more judgy than any machine I’ve seen.

  • I’m all for protecting the workers, as the Bunnings manager mentioned in the interview to the reasoning.

    But if that is the case, why don’t they have big signs at the front while you’re walking in that you’ll be subjected to this tech? Signage is a huge deterrent, footage is after the fact.

    It's all BS about “protecting” their workers.

    • +1

      they have signs everywhere at banks and it's a known fact that 99% of the population would know but we still have bank robbery

  • This is the real reason why people wear masks. Throw on a pair of sunglasses and you cannot be recognized.

    • Add a stone in your shoe so they can't identify your walk.

  • Personally if they communicate this well with customers and the public they would not have had any issue with the laws. And I don't mind this at all if it's true my image is only stored for a fraction of a second to be scanned against known criminals knowing that none of those fwits is in the store at the same time as me.

    IF this is done at airports or public transport places to prevent another 9/11 I bet everyone would say that's a good idea?

    Cameras are everywhere now you are seen and recorded almost every time you go out of your house. You even have your own security cameras at your house recording other people.

  • I frankly don't understand this decision. CCTV/recording is OK, but facial recognition is not OK?

  • I think what they've done is wrong, by capturing the information without allowing people to agree to it, even though the premises are owned by them.

    If they are genuinely just trying to identify problematic people from returning, I wonder if it's ok to put it simply at the front door just before you enter and put a disclaimer. I wouldn't want the recognition to be active throughout the entire store so it can create a profile on what I am purchasing and what not.

    Or maybe with the high theft they would just have to do what Home Depot does in the US and just put everything behind locked cages.

    It's usually the tools that are stolen and worth the most.
