The Administrative Review Tribunal has affirmed the Privacy Commissioner’s finding that Bunnings Group Limited contravened Australian Privacy Principles 1 and 5 by failing to provide appropriate notice or conduct formal risk assessments regarding its implementation of facial recognition technology (FRT). While the Tribunal agreed that the momentary digital collection of data constitutes a “collection” under the Privacy Act, it departed from the Commissioner’s specific finding on APP 3.3, ruling that Bunnings was entitled to a consent exemption for the limited purpose of protecting staff and customers from retail crime and violence. This decision underscores that while limited exemptions exist for emerging technologies, they are subject to robust, case-by-case criteria and must be proportionate to the problem being addressed. The Office of the Australian Information Commissioner (OAIC) welcomed the reaffirmation of key interpretive positions on privacy governance, noting that a significant majority of Australians remain deeply concerned about the lack of control over their personal information and support stronger regulatory protections. The OAIC is currently reviewing the implications of the ruling, which remains subject to an appeal period.
Click here for the official article/release
Disclaimer
The Legal Wire takes all necessary precautions to ensure that the materials, information, and documents on its website, including but not limited to articles, newsletters, reports, and blogs (“Materials”), are accurate and complete. Nevertheless, these Materials are intended solely for general informational purposes and do not constitute legal advice. They may not necessarily reflect the current laws or regulations. The Materials should not be interpreted as legal advice on any specific matter. Furthermore, the content and interpretation of the Materials and the laws discussed within are subject to change.
