Australian household hardware and garden centre chain Bunnings Group has violated Australian privacy laws by collecting personal and sensitive information through a facial recognition technology system.  

The technology, which was integrated with CCTV systems, captured the faces of every person entering 63 Bunnings stores in Victoria and New South Wales between November 2018 and November 2021, affecting hundreds of thousands of individuals. 

Privacy commissioner Carly Kind found that Bunnings collected sensitive information without consent and failed to notify individuals that their personal information was being collected.  

Additionally, the company did not include the required information in its privacy policy.  

The determination highlights issues of proportionality, necessity, and a lack of transparency in Bunnings’ use of facial recognition technology. 

The determination also points to governance shortcomings.  

How well do you really know your competitors?

Access the most comprehensive Company Profiles on the market, powered by GlobalData. Save hours of research. Gain competitive edge.

Company Profile – free sample

Thank you!

Your download email will arrive shortly

Not ready to buy yet? Download a free sample

We are confident about the unique quality of our Company Profiles. However, we want you to make the most beneficial decision for your business, so we offer a free sample that you can download by submitting the below form

By GlobalData
Visit our Privacy Policy for more information about our services, how we may use, process and share your personal data, including information of your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.

In 2022, it was revealed that the hardware chain was among several retailers using facial recognition technology in stores.  

The system was used to compare the faces of customers entering the store against a database of banned customers.  

This database included individuals identified as posing a risk due to past crimes or violent behaviour. 

Commissioner Carly Kind found that Bunnings failed to take reasonable steps to implement practices, procedures and systems required to comply with the Privacy Act.  

Kind said: “We acknowledge the potential for facial recognition technology to help protect against serious issues, such as crime and violent behaviour. However, any possible benefits need to be weighed against the impact on privacy rights, as well as our collective values as a society. 

“Facial recognition technology may have been an efficient and cost-effective option available to Bunnings at the time in its well-intentioned efforts to address unlawful activity, which included incidents of violence and aggression. In this instance, deploying facial recognition technology was the most intrusive option, disproportionately interfering with the privacy of everyone who entered its stores, not just high-risk individuals.” 

Bunnings has cooperated with the investigation and suspended its use of facial recognition technology pending the outcome. 

The commissioner has issued a directive that Bunnings must cease the practices that resulted in the infringement of individuals’ privacy.