Home

Some companies that have chosen us

Privacy Officer and Privacy Consultant
CDP Scheme according to ISO/IEC 17024:2012
European Privacy Auditor
ISDP©10003 Certification Scheme according to ISO/IEC 17065:2012
Auditor
According to standard UNI 11697:2017
Lead Auditor ISO/IEC 27001:2022
According to standard ISO/IEC 17024:2012
Data Protection Officer
According to standard ISO/IEC 17024:2012
Anti-Bribery Lead Auditor Expert
According to standard ISO/IEC 17024:2012
ICT Security Manager
According to standard UNI 11506:2017
IT Service Management (ITSM)
According to the ITIL Foundation
Ethical Hacker (CEH)
According to the EC-Council
Network Defender (CND)
According to the EC-Council
Computer Hacking Forensics Investigator (CHFI)
According to the EC-Council
Penetration Testing Professional (CPENT)
According to the EC-Council

Professional qualifications

Stay up-to-date with world news!

Select your topics of interest:

News

Home / News
/
AUSTRALIAN SUPERVISORY AUTHORITY: OAIC finds against 7-Eleven over facial recognition

AUSTRALIAN SUPERVISORY AUTHORITY: OAIC finds against 7-Eleven over facial recognition

Australian Information Commissioner and Privacy Commissioner has determined that convenience store group 7-Eleven interfered with customers’ privacy by collecting sensitive biometric information that was not reasonably necessary for its functions and without adequate notice or consent.

It follows an investigation by the Office of the Australian Information Commissioner (OAIC) into 7‑Eleven collecting facial images while surveying customers about their in-store experience.

The investigation found customers’ facial images were used to generate algorithmic representations, or ‘faceprints’, which were compared with other faceprints to exclude responses that may not be genuine. The personal information was also used to give a broad understanding of the demographic profile of customers who completed the survey.

The surveys were completed between June 2020 and August 2021 on tablets with built-in cameras installed in 700 stores. Customers completed 1.6 million surveys in the first 10 months.

Commissioner found the facial images and faceprints were sensitive information covered by additional protections under the Privacy Act 1988 because they were ‘biometric information that was used for the purpose of automated biometric identification’, and the faceprints were also ‘biometric templates’.

Biometric information is unique to an individual and cannot normally be changed.

Entities must carefully consider whether they need to collect this sensitive personal information, and whether the privacy impacts are proportional to achieving the entity’s legitimate functions or activities.

Commissioner Falk found that individuals did not give either express or implied consent to the collection of their facial images or faceprints, nor did 7-Eleven take reasonable steps to notify individuals of the collection of personal information.

The Commissioner also found that the large-scale collection of sensitive biometric information through 7-Eleven’s customer feedback mechanism was not reasonably necessary for the purpose of understanding and improving customers’ in-store experience.

While it accept that implementing systems to understand and improve customers’ experience is a legitimate function for 7-Eleven’s business, any benefits to the business in collecting this biometric information were not proportional to the impact on privacy.

In response to the OAIC investigation, 7-Eleven has ceased collecting facial images and faceprints as part of the customer feedback mechanism. It has also destroyed existing facial images.

Commissioner has ordered that 7-Eleven also destroy all the faceprints it collected.

The determination:

Commissioner-initiated-investigation-into-Eleven-Stores-Pty-Ltd-Privacy

SOURCE: AUSTRALIAN DATA PROTECTION AUTHORITY – OIAC

Recommended to you

Advanced Research