06/02/2026
FACE MAPPING
As an Individual, my features such as Fingerprints and Facial features (mapping) are 'my copyright' as a person and a Australian citizen.
Anyone not authorized by myself, wanting to duplicate or record my facial imprints/fingerprints/toe-prints in any way, is in breach of this 'my personal copyright' and should by law and status as a citizen, be liable for a legal charge at the court of justice !!!
Mental nugget:
If fingerprints, personal DNA sequence and facial features may become part of a citizens future identification method (Passport), these features that are then already mapped and in unknown databases, can be a liability we do not wish published before time as privacy and identity theft will be a result and be a welcome help for hackers to exploit.
Sadly our officials do not think that far ahead and when they do, panic mode will be engaged with draconian measures then implemented.
--------------------------------------------------------
Article (unlocked)
Bunnings’ facial recognition fight is just a taste of AI regulation to come
The hardware chain’s win over the Privacy Commissioner is far more than combating retail theft. It’s the first major test case for how Australia will regulate AI.
It’s taken a little more than three years, but Bunnings has finally won the right to use technology already widely adopted around the world to help keep its staff safer and clamp down on an explosion of retail crime.
That it took so long – and that the hardware major had to mount a costly legal challenge to the Privacy Commissioner’s hard-line view on facial recognition technology – is a taste of the many regulatory battles Australian businesses will face as they roll out artificial intelligence tools. But this win is a significant moment for all retailers.
The Administrative Review Tribunal handed down its decision late Wednesday, finding in favour of Bunnings on the key points, even as the retailer lost on procedural compliance issues. The decision was clearly closely watched by the entire retail sector.
It establishes the right for retailers and other businesses to use facial recognition technology when facing serious, documented crime by repeat offenders. And it tilts the balance back in favour of business – privacy intrusions in public places can be justified if there are genuine safety concerns.
However, it also outlines strict compliance obligations: proper notification, documented privacy impact assessments, and robust data handling procedures are non-negotiable.
The threat
At its heart, Bunnings was using an unsophisticated version of AI – facial recognition technology that existed long before ChatGPT. Images were matched against a database of known offenders or individuals who had threatened staff, an almost daily occurrence across the country.
Data was held for approximately 4.4 milliseconds before deletion. During its operation, the system generated thousands of alerts that helped Bunnings address the crime problem. In its evidence, Bunnings argued that repeat offenders were responsible for around 66 per cent of theft losses and new security controls were warranted.
Facial recognition – long used in airports, casinos and stadiums around the world – can be regarded as an advanced version of a store camera. But unlike traditional CCTV, the information Bunnings collected was permanently deleted within milliseconds.
Under the Privacy Commissioner’s interpretation, these fleeting images were “sensitive information” being stored – a classification that demanded consent or extraordinary justification.
The regulator’s alternative? Bunnings should have used traditional CCTV with someone monitoring footage around the clock, manually matching faces against physical notes or images. As well as being prohibitively expensive for every store, this approach would have been slow, impractical, and likely to produce a far higher error rate.
The facial recognition system was automated and permanently deleted images of non-matched customers almost instantly. Compare this to recorded video feeds that sit on servers for weeks or footage transferred to the cloud.
Here, regulation wanted to drive an absurd outcome: cutting technology out of the process while achieving the same end, only less efficiently and at greater cost.
For many, AI represents one of the best chances Australian business has to boost productivity. The technology clearly needs guardrails – it’s powerful and has the potential to do as much damage as good. But the technology is here, and Australia must be prepared to adopt it to keep pace with the world.
‘Retail crime’
The Tribunal acknowledged the tension between competing objectives in privacy rules: promoting protection of individual privacy while recognising this must be balanced with the interests of businesses carrying out their functions.
Bunnings had been trialling facial recognition technology for three years before the Privacy Commissioner stepped in.
The Privacy Commissioner argued the rollout was disproportionate, that alternatives were available, and that the potential for false positives created unacceptable risk. The Tribunal rejected all three arguments.
Here the Tribunal found Bunnings had a case to use it “for the limited purpose of combating very significant retail crime and protecting their staff and customers from violence, abuse and intimidation within its stores”.
It also accepted that in terms of efficiently identifying known offenders, there was “no comparable alternative” to facial recognition technology. It found the system effective, reducing theft, and noted that staff felt safer with the technology in place.
While the findings clear the way for Bunnings and other retailers to more confidently use facial recognition technology, they don’t get a free run. It can only be deployed where there’s a compelling use case – documented serious crime by repeat offenders. The technology must be clearly sign posted, proper privacy impact assessments must be conducted, and privacy policies must be updated before implementation. This points to more regulation.
The judgment is less clear on future data handling obligations. In Bunnings’ case, data was automatically destroyed. Whether this becomes a standard remains to be tested.
Absurd fight
The Bunnings battle was one that needed to finally happen, but it was an absurd one at that. Here was a retailer looking to innovation to tackle a genuine crime problem. A more pragmatic regulator would have considered this a small price to pay for staff safety and reduced theft costs that the entire economy ultimately bears.
Bunnings chief executive Mike Schneider welcomed the decision, saying it recognised the need for practical, common-sense steps to keep people safe.
“The safety of our team, customers and suppliers has always been our highest priority. Our intent in trialling this technology was to help protect people from violence, abuse, serious criminal conduct and organised retail crime,” he said.
As Australian businesses increasingly deploy AI tools to improve productivity and address real-world challenges, they should expect regulatory scrutiny. But that scrutiny must be proportionate, evidence-based, and recognise competitive realities. The Privacy Commissioner’s absolutist interpretation of the rules would have forced Bunnings toward less effective, more expensive, and more privacy-intrusive alternatives.
This judgment provides a framework: AI and facial recognition technology can be used in retail settings, but compliance obligations are strict.
The regulatory fights over AI adoption in Australia are only just beginning. This is a front-line decision and suggests courts will take a more balanced view than regulators – but businesses shouldn’t count on winning every battle.
Link:
https://www.theaustralian.com.au/subscribe/news/1/?sourceCode=TAWEB_WRE170_a_FBK&dest=https%3A%2F%2Fwww.theaustralian.com.au%2Fbusiness%2Fcompanies%2Fbunnings-facial-recognition-fight-is-just-a-taste-of-ai-regulation-to-come%2Fnews-story%2F15bdb9cb5b909f70e57ab94e19a49b8f&memtype=anonymous&mode=premium&v21=GROUPB-Segment-2-NOSCORE&V21spcbehaviour=append
