Bunnings has been partially successful in setting aside a decision by the nation's privacy watchdog that its use of facial recognition technology (FRT) in its Victorian and New South Wales stores was unlawful.
The Administrative Review Tribunal reversed most of an earlier Office of the Australian Information Commissioner (OAIC) ruling that tuse of the technology breached national laws.
However, Bunnings was directed to "take reasonable steps to provide notification that personal information is being collected."
Bunnings had been using the Hitachi-supplied technology since 2018, to detect individuals suspected to have engaged in violence against staff, retail theft or fraudulent activity, amongst other things, so they could be blocked from entering stores.
The company held an enrolment database with still images of faces of hundreds of people falling into the abovementioned categories, along with vector sets stored on servers in stores for the purposes of matching individuals to the recognition data.
Scanned facial image vector sets, which are mathematical representations of facial features of customers entering the store, were only held temporarily in non--permanent random access memory (RAM) of store computers.
In its appeal, Bunnings contended that an image of a face is not biometric data that satisfies the statutory definition of sensitive information, but the tribunal was not convinced by that argument.
The tribunal took into account a decision regarding controversial biometrics scanning company Clearview AI that found while an image of a person's face would not be biometric information in every case, it clearly is in some contexts, allowing biological markers to establish identity.
Bunnings ceased to use facial recognition technology in the wake of the OAIC launching an investigation into the use of the technology in 63 stores in Victoria and NSW.
OAIC found that Bunnings had failed to take reasonable steps to notify individuals about their personal information being collected, and did not implement practices, procedures and systems to comply with Australian privacy legislation.
At the time, Bunnings said it would seek a review of the OAIC determination.
OAIC said it is considering the decision, and reserved its right to appeal.
Bunnings managing director Mike Schneider welcomed the tribunal's ruling, saying it recognised the need for practical, common sense steps to keep people safe.
"Our intent in trialling this technology was to help protect people from violence, abuse, serious criminal conduct and organised retail crime," Schneider said in a statement.
_(20).jpg&h=140&w=231&c=1&s=0)
_(23).jpg&h=140&w=231&c=1&s=0)
_(33).jpg&h=140&w=231&c=1&s=0)
iTnews Executive Retreat - Security Leaders Edition
iTnews Benchmark Awards 2026
iTnews Cloud Covered Breakfast Summit
The 2026 iAwards
_(1).jpg&h=140&w=231&c=1&s=0)
