NewsBite

Exclusive

‘Need to focus on consent’: Shock Australian venues using face-scanning technology

Facial recognition technology is used at your favourite venues across the country, and Aussies have no idea.

Bunnings release shocking vision after facial recognition breached privacy

Facial recognition technology is used at major sports and music venues across the country, yet half of Aussies have no idea, new exclusive research reveals.

It follows the landmark ruling that Bunnings breached privacy laws by failing to inform customers they were using the technology.

Research by Lonergan for news.com.au revealed 49 per cent of respondents did not know the face-scanning technology was in use at Melbourne’s AAMI Park and Melbourne Cricket Ground; Sydney’s Allianz Stadium, Sydney Cricket Ground and Qudos Bank Arena; or Adelaide’s Coopers Stadium.

Most of those who knew about the software found out through media coverage (47 per cent), rather than from disclosure methods used by the venue – a note on their website (30 per cent), or signs at the door (26 per cent).

Lyn Nicholson, general counsel at Holding Redlich and data law expert, argued neither approach went far enough to secure informed consent.

She said entrance signage did not give patrons a real choice, as walking away meant forfeiting the cost of their ticket, and that “the privacy commissioner and the ACCC commissioner have both stated that you can’t bury key details in the middle of lengthy terms and conditions”.

Digital rights advocate Dr Kate Bower said most patrons purchased tickets from other vendors such as Ticketek and had “no idea” they were consenting to terms on the venue’s website.

More than a quarter of Australians (29 per cent) did not feel they had consented to the use of facial recognition technology (FRT) just because it was listed in the terms of entry and on venue signage, according to the Lonergan research.

Australia's Privacy Commissioner Carly Kind ruled that Bunnings breached privacy laws in its use of facial recognition technology. Picture: Supplied
Australia's Privacy Commissioner Carly Kind ruled that Bunnings breached privacy laws in its use of facial recognition technology. Picture: Supplied

However, stadiums were not currently in privacy commissioner Carly Kind’s crosshairs.

Ms Kind said the Office of the Australian Information Commissioner would continue to monitor FRT use and consider where regulatory intervention was required, but “the onus is on organisations to reassess their own practices and ensure they comply with our guidance”.

“Operators should make sure that the use of FRT is necessary and proportional, and determine whether there are less privacy intrusive means of achieving the same outcome,” she said.

“Data collection should be minimised. Operators also need to focus on consent and transparency and make sure any biometric data that is collected is accurate and that the potential for bias and discrimination is addressed.”

Data law expert Lyn Nicholson said entities using facial recognition software had been put “on notice”. Picture: Supplied
Data law expert Lyn Nicholson said entities using facial recognition software had been put “on notice”. Picture: Supplied

Ms Nicholson said the Bunnings determination had put all entities using FRT “on notice” and that many would now be reassessing their need for the technology.

But Australian Privacy Foundation chair and cyber law expert David Vaille said a financial penalty for Bunnings would have sent a stronger message.

He pointed to European regulators who use “their big stick” for serious privacy breaches.

“They have options of penalties of up to 4 or 10 per cent of [the offending organisation’s] global turnover,” he said.

Many legal experts argued current privacy laws weren’t fit to regulate FRT.

Law Council of Australia President Greg McIntyre SC said society’s use of technology had changed significantly in the 30 years the Privacy Act had been in operation.

“In the absence of adequate privacy safeguards and oversight, the use of facial recognition technology has the potential to significantly infringe on the privacy rights of individuals when applied inappropriately or inaccurately,” he said.

Australian Privacy Foundation’s David Vaile believes penalties for the misuse of FRT should be harsher. Picture: Anna Kucera
Australian Privacy Foundation’s David Vaile believes penalties for the misuse of FRT should be harsher. Picture: Anna Kucera
Fans at CommBank Stadium will soon be subject to face-scanning technology. Picture: Jason McCawley/Getty Images.
Fans at CommBank Stadium will soon be subject to face-scanning technology. Picture: Jason McCawley/Getty Images.

One in 14 (7 per cent) Australians said they would stop attending venues that used FRT once they were aware of it, according to the Lonergan research.

Another 13 per cent would favour another venue if there was an alternative.

However, most respondents did not plan to change their behaviour – either because they did not want to miss out on events (13 per cent), did not understand enough about the technology (16 per cent) or were not worried by its use (50 per cent).

Two more stadiums are set to roll out FRT soon, with the NSW Government expected to open tenders for the project at Accor and CommBank Stadiums by the end of the year.

Originally published as ‘Need to focus on consent’: Shock Australian venues using face-scanning technology

Add your comment to this story

To join the conversation, please Don't have an account? Register

Join the conversation, you are commenting as Logout

Original URL: https://www.dailytelegraph.com.au/technology/online/need-to-focus-on-consent-shock-australian-venues-using-facescanning-technology/news-story/3b58543af6914853912e68e6314375a9