Bunnings worked with Victoria Police on it facial recognition database
The hardware giant says recordings of customers as part of its use of facial recognition technology stayed within its stores and it worked with Victoria Police during a trial of the system.
Bunnings has revealed recordings of its customers as part of its use of facial recognition technology stayed within its stores, with no sensitive information uploaded to the cloud, and it worked with Victoria Police during a trial of the system.
The Office of the Australian Information Commissioner has criticised Bunnings’ “indiscriminate surveillance” of customers via facial recognition technology (FRT), saying “by its very nature it captures the personal information of all customers, including children”.
Bunnings compared a customer’s face against a “limited database” of less than 500 banned people, working with Victoria Police to identify those individuals. The Wesfarmers-owned hardware chain said children’s privacy was “critical” and its “policy was to never include children on our database”.
It defended its use of FRT – despite being illegal in Australia without a person’s consent – saying its sole purpose was to prevent violent crime in its stores, and it required human oversight.
Bunnings said its FRT system was only accessible by six “specially trained Bunnings team members who were located in a centralised location”.
“No other team members had access to the FRT,” it added.
The system also did not automatically alert police of a threat. After it detected a customer that had been banned from one of its stores for abusive, violent behaviour or committing a crime, one of the six staff members performed a manual check to verify that it was an accurate match.
They then determined the best course of action, which usually was calling law enforcement. If there was no match, customer data was deleted in “0.00417 seconds”, Bunnings said.
Bunnings said the database was reviewed regularly, with individuals enrolled and removed over the course of its use but at its peak, there were less than 500 people on the list.
It released graphic video footage this week of people – one wearing a balaclava – brandishing firearms and sharp objects at its stores. Bunnings said its “sole and clear intent” of using FRT was keeping its staff and customers safe, “preventing unlawful activity, with strict controls around its use”.
The use of FRT complemented extensive training, resources, leadership tools and policies Bunnings has in place to equip its team to handle threatening situations.
On Thursday, Bunnings confirmed that no customer biometric details were uploaded to the cloud or to third-party providers, with its use of FRT being a “completely on premise” solution, saying there was no third-party hosted services or cloud computing infrastructure involved.
But an investigation by the Office of the Australian Information Commissioner (OAIC) found the retailer had invaded the privacy of hundreds of thousands of customers through the use of the cameras at 63 stores across Victoria and NSW.
“One of the reasons that indiscriminate surveillance via facial recognition systems is so concerning is that by its very nature it captures the personal information of all customers, including children,” an OAIC spokesman said.
Nicholas Dynon – innovation and risk manager at Optic Security Group, who is a counter terrorism expert and completed a peer reviewed article in the National Security Journal – says people are generally less accepting of facial recognition (FRT) cameras in retail stores than they are in airports and police investigations.
“FRT is a powerful tool that offers many potential security – and other – benefits. But what may be viewed by an organisation as a revolutionary crime prevention and business improvement capability may be viewed by many of its customers or employees as technological overreach and a threat to individual privacy and freedoms,” Mr Dynon said.
Bunnings managing director Mike Scheider said the company believed “that customer privacy was not at risk”.
“The electronic data was never used for marketing purposes or to track customer behaviour. Unless matched against a specific database of people known to, or banned from stores for abusive, violent behaviour or criminal conduct, the electronic data of the vast majority of people was processed and deleted in 0.00417 seconds – less than the blink of an eye,” he said.
Bromance to brawl: Musk vs Altman goes nuclear
The two tech titans are in the meanest fight in business. The stakes couldn’t be higher.
OpenAI rejects Elon Musk’s takeover offer
The ChatGPT maker’s board unanimously turned down the billionaire’s unsolicited $153bn bid.