The Office of the Australian Information Commissioner (OAIC) has closed its investigation into 7-Eleven’s use of facial recognition technology (FRT), expressing satisfaction with the company’s remedial actions.
The global convenience store chain, operating over 700 stores across Australia, faced scrutiny after breaching the Privacy Act in 2021 by capturing 1.6 million facial images through in-store customer feedback tablets. Despite assurances to prevent future breaches, the FRT was inadvertently reactivated in 2023, resulting in an additional 45,874 facial images being captured across 54 stores in Victoria, New South Wales, the Australian Capital Territory, Queensland, and Western Australia.
The OAIC noted that the second activation was unintentional, caused by an automatic setting in new devices deployed by a third-party supplier. Both 7-Eleven and the supplier were reportedly unaware of the reactivation until the company voluntarily notified the OAIC in April 2023.
The facial images were originally used to detect multiple survey responses from the same individual within a 20-hour period on the same tablet, aiming to ensure the authenticity of customer feedback. Additionally, the technology provided a general understanding of the demographic profiles of respondents by assessing approximate age and gender. The images were temporarily stored on the tablets before being uploaded to a secure server and processed into encrypted facial representations by the service provider.
In response to the latest breach, 7-Eleven promptly directed its service provider to delete all captured facial images and implemented new measures to prevent future occurrences. These measures include disabling the FRT functionality at a company-wide level and introducing an hourly scanning mechanism to ensure the technology remains deactivated across all devices.
The OAIC stated that it is now “satisfied” with the procedures and practices 7-Eleven has put in place to safeguard customer privacy.
However, the OAIC expressed ongoing concern about the broader use of facial recognition technology. “The use of this technology continues to be a regulatory priority for the agency,” it stated, emphasizing the need for organizations to embed privacy considerations into any planned use of FRT from the outset. The OAIC advises entities to conduct iterative testing to ensure the robustness of their privacy protections.
–
September 27, 2024 – by Cass Kennedy
Related News
Updated Council of Europe Guidelines Warns Against Biometric Voter ID
U.S. Civl Rights Commission to Publish Federal FRT Report
Australia’s Information Commissioner Calls Off Clearview Inquiry
Worldcoin Upgrades Biometric Processing System, Deletes Old Iris Codes
‘World Chain’ to Extend Reach of Worldcoin’s Biometric Digital ID System
Big New Appointments at the Pentagon and the STA – Identity News Digest
Follow Us