Overview
- Kmart used facial recognition at entrances and returns counters in 28 stores from mid‑2020 to July 2022, capturing the faces of every person who entered affected sites.
- The Office of the Australian Information Commissioner found Kmart failed to notify shoppers or obtain consent and rejected the retailer’s reliance on an unlawful‑activity exemption in the Privacy Act.
- The commissioner concluded the system had limited utility against refund fraud and that the benefits did not outweigh the privacy impact, referencing the small value of fraud relative to Kmart’s revenue.
- Kmart was ordered not to repeat the practice and to publish a public statement within 30 days, with the company saying it is disappointed and considering appeal options.
- The ruling follows a similar 2024 finding against Bunnings that is under Administrative Review Tribunal review, with regulators stressing facial recognition is not banned but must meet strict privacy standards.