Thu. Dec 1st, 2022

The rollout of facial recognition technology in all New South Wales pubs and clubs shows how business is forging ahead collecting biometric information before the law has had a chance to catch up, experts warn.

The NSW government this week introduced new laws allowing the use of facial recognition throughout pubs and clubs, despite not yet developing rules to guide the rollout.

Clubs NSW says the scheme – which is already being used in about 100 licensed venues – would be used to combat problem gambling by matching people’s images to those who have signed up to the industry’s self-exclusion system. The faceprints of other people in the venues would be deleted, the lobby group said.

A spokesperson said the scheme would be “compliant” with the Privacy Act and the Australian privacy principles, and “contain strict safeguards for the use and disclosure of biometric data”.

While the federal Office of the Australian Information Commissioner (OAIC) enforces the Privacy Act, experts say that the expanding use of facial recognition technology in Australia is “deeply concerning”, and that current laws weren’t designed to deal with it.

“There are holes in the Privacy Act big enough to drive a truck though,” Nick Davis, a professor in emerging technology at the University of Technology Sydney, said.

“At the moment we just don’t have uniform standards around its use. We have no idea about, for example, who is operating this system and how the limits of its use will be regulated.”

The Clubs announcement this week coincided with the introduction of a new bill in the NSW parliament giving the industry the power “to collect biometric information from persons on the registered club’s premises”.

In a speech to parliament, the liquor and gaming minister, Kevin Anderson, said the use of the technology would be regulated by the OAIC, with a set of rules guiding its use “such as signage, purpose of data collection, deletion time frames and other privacy protection mechanisms”.

Those regulations, though, are yet to be developed, something Kate Bower, a consumer data advocate from Choice, said was the key issue.

“The problem at the moment is that the uses of facial recognition technology are proliferating and because we don’t have regulations and safeguards in place there is no regulation for us to fall back on,” she said.

“Its use is being dictated on a case-by-case basis. Businesses get to decide what the appropriate uses are rather than the people.”

Earlier this year retailers Bunnings and Kmart announced they would halt the use of facial recognition technology in stores after an investigation by Choice found the firms were using the technology for “security and theft prevention”.

Despite Clubs saying the technology in this case was being employed as a harm-reduction measure, Bower said the lack of transparency around its use meant it was impossible to know what safeguards were in place.

“At the moment we’re just trusting Clubs NSW that they have done the appropriate privacy assessments and have the right systems in place but they haven’t been that transparent about how it works,” she said.

Last month Davis, together with the former head of the Australian Human Rights commission, Edward Santow, released a new report calling for a model law to deal with the expansion of the technology.

Under the model law, companies or government agencies which use facial recognition technology would need to assess the human rights risk, and show why the technology was necessary.

In the case of gambling harm-minimisation, Bower said, it was unclear why the facial recognition technology was needed.

“I think when any business wants to implement a privacy invading technology like this it’s very important they consider all the available options and if there are less invasive options they should be a priority,” she said.

“There are lots of steps pubs and clubs could take before they take this very dramatic step. Obviously they have been very resistant to implementing the cashless gambling card for their own reasons but even simple security checks which are supposed to be used now seem preferable.”



Source link