A guest article by Tony Porter, OBE QPM LLB, Chief Privacy Officer at Corsight AI, and former Surveillance Camera Commissioner for England and Wales
Last week, Australia’s Information Commissioner ruled that Bunnings, one of the country’s largest hardware chains, breached privacy laws by using facial recognition technology without proper transparency or consent. This decision has sparked debates far beyond Australian borders, with implications for how retailers worldwide handle biometric tools.
At the heart of the issue was a lack of clear communication. Customers were not adequately informed that facial recognition was being used, nor was their consent explicitly sought. Privacy laws in Australia require that individuals are told why their personal data is being collected, how it will be used, and what their rights are. Bunnings’ misstep is a reminder to all retailers that deploying such technology requires more than good intentions; it demands transparency and ethical rigor.
Different Rules in Different Places
Would this controversy have played out the same way in the United States or the United Kingdom? Likely not, as each region approaches biometric regulation differently.
In the United States, laws like Illinois’ Biometric Information Privacy Act (BIPA) impose strict consent requirements. However, most states lack similar protections, leaving companies to navigate a fragmented and inconsistent legal landscape. Contrast this with the UK, where a cohesive framework under the Data Protection Act and GDPR demands both transparency and proportionality. Retailers in the UK must clearly justify why facial recognition is necessary and ensure it aligns with public expectations.
The Australian case also serves as a timely reminder that regulation is tightening globally. In Europe, the EU AI Act is setting new standards for responsible AI use, offering much-needed guidance on how to implement such technology ethically.
A Shifting Public Opinion
Not long ago, most retailers kept quiet about their use of facial recognition, fearing backlash. Today, the tide is turning, with openness becoming a cornerstone of public trust.
Take the Mall of America, for example, which openly communicates how it uses Corsight AI Facial Intelligence technology to identify banned individuals and locate missing children. Their goal is clear: making the shopping experience safer for everyone. Iceland’s Executive Chairman, Richard Walker, recently echoed this sentiment, expressing his support for trialing facial recognition in stores to tackle rising theft. These examples show that transparency, rather than secrecy, is the way forward.
Dos and Don’ts for Retailers
The lessons from these examples are clear: facial recognition can be a transformative tool, but only if implemented responsibly. Retailers should adhere to these key principles:
Dos
- Be Transparent: Communicate openly with customers about how facial recognition is used, why it’s being implemented, and what measures are in place to protect their privacy.
- Understand and Follow Regulations: Familiarize yourself with local, national, and international laws to ensure compliance. Ignorance of the law is not an excuse.
- Use Technology for Clear Purposes: Focus on legitimate challenges, like preventing theft, enhancing safety, or reuniting lost children with their families.
Don’ts
- Don’t Assume Implicit Consent: Always obtain explicit permission where required. Transparency is non-negotiable.
- Don’t Overextend Use: Resist using the technology for unrelated purposes like marketing or profiling, which could erode trust.
- Don’t Ignore Public Sentiment: Be mindful of how the community perceives your use of facial recognition. Engaging with public concerns fosters trust and acceptance.
Balancing Technology and Trust
Facial recognition is a powerful tool, but its deployment must be thoughtful and deliberate. The lesson from Australia is not just about legal compliance—it’s about earning and maintaining public trust. Whether in Melbourne, Minneapolis, or Manchester, the same principle holds: when companies explain why and how they use such technologies, people are more likely to see their value.
As someone who has spent years balancing the need for security with the importance of privacy, I believe the future of facial recognition lies in its responsible use. Retailers who embrace transparency and adhere to ethical standards will not only avoid missteps like Bunnings but also pave the way for wider acceptance of this transformative technology.
–
November 26, 2024 – by Tony Porter
Tony Porter previously served as the Surveillance Camera Commissioner for England and Wales under the Protection of Freedoms Act. He was Vice President and Head of Physical Security Intelligence at Barclays and Assistant Chief Constable at Greater Manchester Police before leading the North West Counter Terrorism Unit.
Related News
ID Tech Digest – November 20, 2024
ID Tech Digest – October 30, 2024
Biometrics Institute Highlights Privacy, AI, and Ethical Challenges in Latest Report
Researchers Launch Compliance Evaluation Framework for EU AI Act
Another Dating App Gets Targeted with a BIPA Class Action Lawsuit
Getaround Sued for Alleged Violations of Illinois Biometric Privacy Law
Follow Us