Facial recognition at retail stores - we need your help

Video cameras are a the entry/exit of tens of thousands of stores around the country. For security and safety reasons. If you don’t like it, wear a Covid mask. I still do because Covid is still very active and deadly.

And in Australia.

SpotLight has a general notice that the store is under video surveillance. Does this extend further? The following Privacy Policy may be relevant.

‘https://www.spotlightstores.com/privacy-policy

I’m uncertain whether this is any different to most other large retail chains policies. It does not clarify if FR is in use or not.

image1536×2048 191 KB

Video surveillance and facial recognition are very different things.
First relates to security (inventory, employees and customers) the latter to identifying individuals and accumulation of copious amounts of data about them to sell to advertisers cough oh sorry I meant ‘partners’.

If there’s such an issue with shop lifting maybe they should get rid of what caused a 15-20% increase when introduced (self checkouts)!

All the Hong Kong protests have led to CCP and like developing facial recognition that can handle masks and the like too.

I wonder how do they get adequate consent from/for minors?
Will like google would they provide all the information they have about you upon requested (which for google is usually a shocking amount).

Not all of us would draw that conclusion. How does a store record and collect or use it’s video? Surveillance might be active by a person, a time lapse recording, or it could be through an AI enabled engine that detects certain events, including individual identities.

Someone familiar and with better knowledge of the statutory privacy legislation might like to comment further. Bunnings notice “video surveillance which may include facial recognition, is utilised” suggests one possibility.

The reference to FR may be required, or simply a tactic to raise awareness, advice optional. I was unable to quickly find a satisfactory answer that clarified whether there is a need under privacy legislation to advise FR might be utilised where it is advised video surveillance is in use. Using and storing captured video stills of customers faces as part of evidence (that’s recognition of faces) is a lawful purpose for the use of identity data. Whether faces are scanned by a computer or human would seem to make little difference. It may be only about whether there is a lawful purpose for doing so?

While I understand the problem. Data collecting everyone without their permission is not the solution. It’s a savings measure brought about by staff cutting as it’s cheaper to not have staff and wear the cost of “shrinkage”. When shoplifting gangs become involved surely it’s the responsibility of the police to collect the data, hold the data and use the data in any allegation of criminal activity. So technically if these big box stores need to address crime committed within their stores, surely the request should go via the police and criminal justice system. While 24 hour video surveillance is advertised. The holding and storage of that data is where the public need to step in for a discussion. I certainly don’t think business should be deciding to hold onto the data. Surely the fact that most transactions are by card and heavily data monitored as the media will have us believe means we are nearly already there. The natural progression is that the greeters will address us all by our names in the name of PR and “making the customer feel special and remembered”.

… and in the name of creeping us out. But that’s probably what your scare quotes meant.

The government isn’t interested in that discussion because all that data is useful for unrelated government purposes e.g. unrelated investigations.

How soon before the government legislates that all recorded video must be retained for X months?

Storing biometric data to catch thieves is one thing. But storing it for the sake of it is another thing altogether: intrusive and, yes, creepy. So how about this: they are allowed to use the data to search their own database of thieves, but that’s it. Once the search is done the data must be deleted.
Selling the data in any form should be prohibited.

Our investigation into this issue was released today:

Welcome to the community @GJGadzooksJr

The ABC offers the following.

My personal observation across 3 Bunnings over the past weeks is it’s possible to enter the store and not pass one of the signs. One in particular had no sign on the main entry, either side but it had one on the garden entrance.

I agree with @GJGadzooksJr. I think the thing that is concerning for me is less the fact they could be checking my biometrics against a database, and more they could be storing said biometrics.

Any stored personal data is a risk. No matter what precautions are put in place, there is always a chance that data could be breached either accidentally or maliciously. When I agree to a privacy policy, I consider things like why a business would reasonably need that information and how secure the data is likely to be. For example, I am signed up for Facebook but given their security record I limit the amount of data I opt to hand over.

Not having clear information on all of this before a store collects my personal data prohibits me from assessing that risk, or giving me an option to limit or stop providing my information.

I don’t see a problem with facial recognition for security or any other purpose.

Your privacy is not what you think it is. for instaance a lot of phone apps now use 2 factor identification, for your security right? Maybe a bit, but that’s additional information to specifically identify and link yor phone, which can easily be tracked with other personal inforrmation. Twitter was recently fined for using 2-factor identificaiton of users to enhance their “advertising” product to onsell user informaiton in competition with other suppliers of personal information.

If you use the internet then a lot of information is already collected and used.

e.g. if you do an eBay search for something, chances are you will start receiving emails about what you searched for. I had an email conversation with someone in another country about digital signatures, then we both started getting emails from Adobe touting their digital signature technology. Creepy, not really as I already accept that Microsoft and all the big tech companies mine and sell personal data of all thir users, even if they say they don’t.

Facial recognition algorithms, software, is available to anyone who has a modern IP security camera, you can easily set it up in your camera software, as is character recognition for number plates and any other signage on your vehicle. Put a bumper sticker on your car to show you support, say Sea Shepherd, or a Pony Club and you will end up in someone’s database.

Apple phones now can do security facial recognition with a mask on, there is enough information on the rest of your face to do this. The software continually improves, and that’s not going to stop.

Every airport uses facial recognition. In the USA, airports want facial recognition software to be able to detect emotion, like anxiety of kinds and stress. That kind of application, will spread and also be linked to voice recognition.

Medical facial recognition is being used in trials to see if unconscious patients are in pain, what a boon to medicine. Facial recognition software can analyse small muscle 'tells" in your facial expressions that are impossble to mask.

Wanting to protect your privacy if you own a smart phone, is already over and all you can do is limit some of the effects of continuous surveillance outside your home. (And Alexa, Siri etc will all keep you safe in your home, of course!)

Another major reason the purpose of store displays. The methods used by these stores is to encourage an increase in sales and to reduce overhead costs. Many items are packaged (increasing pollution). Further to that is, that there is little other security in the stores (reduction in wage’s cost) to protect against shoplifting. Items are displayed in order to increase sales. However the display methods increase the risk of stock being easily removed from the shelves hidden before the person’s departure from the store. Lyn

Australian, French, Italian and British privacy regulators seem to have an issue with facial recognition.

See Clearview AI - Wikipedia

In May 2022, Clearview agreed to settle a 2020 lawsuit from the ACLU, which prohibited the sale of its facial recognition database to private individuals and businesses.[154] Clearview paid $250,000 in legal fees and agreed to limit its 20 billion facial photo database to government agencies.[2]

In May 2022, Clearview was ordered to delete all data belonging to UK residents’ facial recognition data by the country’s privacy watchdog, the Information Commissioner’s Office (IOC). Additionally, the ICO fined Clearview £7.5 million for failing to follow the UK’s data protection laws. This fine marked the fourth of its type placed on Clearview, after similar orders and fines issued from Australia, France, and Italy.[155]

About 15 years ago I was working out of Western Europe with a FMCG company. As we were a prefered supplier with many of the big brand retailers we were granted access to some of their merchandising practices. This included detailed data gathering techniques in stores. As each customer entered a store their gender, body shape, height and identifying facial structure was recorded, these details were matched where possible if that customer returned with the purpose of building a clear picture of who were the most beneficial customers and probably more useful the best direction for brand strategy to maximise profit by selecting the fastest moving items showing the highest margins. Patterns of shopping supported by immensely detail data. What were the purchases, total spend of shop. Time spent in store. What factors influenced longer stays or additional product purchases, and so on. All pretty harmless and hugely beneficial to the brand with whom I worked. Its not at all surprising to me that this type of detailed collection of data, including facial recognition, has continued to grow and develop especially with the fractured state of security these days and the ruthless pursuit of higher profits.

Welcome @Sj2 and thank you for you detailing your experience in this area. @kbower may be interested in contacting regarding all this.

Thanks. Not sure I could assist with much I left the company 2013 and returned to wonderful Australia.

Authentication apps do not provide information about your phone. 2FA via SMS or phone call is not decent authentication.

Yes, Twitter is now in trouble for doing some idiotic things in the US - that does not excuse any other company from doing similarly idiotic things.

They do? Can you link to anything confirming this?

There is an enormous difference between video surveillance and facial recognition. The latter specifically identifies an individual and records data about that individual for later reference. It relies upon some high-tech wizardry to specifically identify individuals, and can then apply that to billions of images in order to link individuals to their online and real life movements.

Take out the computer smarts and you have video surveillance. A security officer may be able to monitor three screens at once and identify up to say fifty individuals who are ‘undesirable’ and not to be allowed into the store. They will make plenty of mistaken identifications along the way.

The difference between video surveillance and facial recognition is enormous, in both scale and accuracy. Facial recognition is potentially the equivalent of having someone follow you everywhere and watch everything you do.

I certainly don’t think every airport uses it but this article from 2018 shows that enough are starting to use it:

21 Airport Facial Recognition Adoption Examples - BiometricToday