In a decision this week, Bunnings has been authorised to use facial recognition technology on customers in its stores as a crime-prevention measure, after an administrative review tribunal overturned a 2024 ruling by the Australian privacy commissioner. The move, described by the retailer as a security enhancement, comes as questions about privacy protections and data handling in public spaces continue to surface across the country.
What we know
- Status of approval: A tribunal has granted Bunnings the green light to employ facial recognition technology to support crime prevention initiatives within its stores.
- Judicial reversal: The decision marks a reversal of a prior ruling by the privacy commissioner, indicating a shift in how retailers may use biometric tech in the retail environment.
- Scope of use: The program is described as a security measure intended to deter and identify behaviour linked to criminal activity, rather than for routine profiling.
- Operational context: The technology is expected to operate in-store as part of security and loss-prevention strategies, with implementation details still to be clarified by the company and regulators.
- Privacy safeguards debated: The ruling has reignited debate about how biometric data is collected, stored and used in public settings, and what oversight applies to long-term data retention.
- Public interests cited: Proponents emphasise potential reductions in shoplifting and threats to staff safety, while critics warn of risks to civil liberties and consent in everyday shopping.
The tribunal’s ruling underscores the tension between criminal-justice objectives and personal privacy, a balancing act that has grown more visible as biometric technologies become more common in public-facing spaces. Bunnings, one of the country’s largest hardware retailers, has indicated that any deployment would be accompanied by policies designed to govern data handling, access, and retention, though specific details have not been fully disclosed.
What we don’t know
- Exact rollout plan: It remains to be seen whether the technology will be used nationwide or in select locations first, and what criteria will trigger its use.
- Data management: Questions linger about how biometric data will be stored, for how long, and who will have access to it beyond security teams.
- Consent and notice: How customers will be informed about the use of facial recognition and whether opt-out options exist are yet to be clarified.
- Independent oversight: Details about external monitoring, audits, or statutory safeguards are still unclear, along with enforcement mechanisms if misuse occurs.
- Impact on staff and customers: What staff training will accompany the system, and how false positives or misidentifications will be addressed, remain unresolved questions.
- Legal framework: The case raises questions about how Australian privacy principles apply to biometric technologies in retail, and whether further legislative or regulatory adjustments are anticipated.
Analysts and privacy advocates say the decision could set a precedent for other large retailers, potentially widening the use of biometric tools in everyday commerce. As the details unfold, observers will be watching how data governance practices keep pace with the technology, and what safeguards are ultimately required to protect shopper privacy while addressing legitimate security concerns.
For now, shoppers may encounter security measures that reflect an evolving landscape in which stores seek to deter crime by leveraging advanced analytics. The next phase will likely involve scrutiny of how Bunnings deploys and explains the technology, and how regulators respond to the ongoing debate over biometric profiling in public life.
