The rollout of facial recognition technology across all NSW pubs and clubs shows how businesses are making progress in collecting biometric information before the law has a chance to catch up, experts have warned.
The NSW government this week introduced new laws to allow the use of facial recognition in pubs and clubs, although no rules have been drawn up to guide the rollout.
The NSW club said the scheme – already in use at about 100 licensed venues – would be used to fight problem gambling by matching people’s images with those who have signed up to the industry’s self-exclusion system. The lobby group said the face prints of others in the venue would be removed.
A spokesman said the plan would be “in line with” privacy law and the Australian Privacy Principles and “contain strict safeguards over the use and disclosure of biometric data”.
While the Office of the Australian Information Commissioner (OAIC) enforces the Privacy Act, experts say the expanding use of facial recognition technology in Australia is “deeply concerning” and that existing laws are not designed to address the issue.
“The loopholes in privacy laws are big enough to drive a truck,” said Nick Davis, professor of emerging technologies at the University of Technology Sydney.
“At the moment, we just don’t have a uniform standard for its use. For example, we don’t know who is operating the system and how its usage limits will be regulated.”
The club’s announcement this week coincides with the introduction of a new bill by the NSW Parliament giving the industry the power to “collect biometric information from people on registered club premises”.
Speaking to Parliament, Liquor and Gaming Minister Kevin Anderson said the use of the technology would be regulated by the OAIC, with a set of rules to guide its use “such as signage, purpose of data collection, time of deletion Frameworks and Other Privacy Protection Mechanisms”.
Those regulations, however, have yet to be enacted, which Choice’s consumer data advocate Kate Bower said is a key issue.
“The problem right now is that the use of facial recognition technology is surging because we don’t have regulations and safeguards in place, so we don’t have regulations to fall back on,” she said.
“Its use is on a case-by-case basis. Businesses can decide what is appropriate use, not people.”
Earlier this year, retailers Bunnings and Kmart announced they would stop using facial recognition technology in stores after a Choice investigation found the companies were using the technology for “security and theft.”
While the club said the technology was being used as a harm reduction measure in this instance, Ball said the lack of transparency in its use meant it was impossible to know what safeguards were in place.
“At the moment we just believe that the NSW clubs have done the proper privacy assessments and have the right systems in place, but the way they operate is not that transparent,” she said.
Last month, Davis released a new report with Edward Santow, the former head of the Australian Human Rights Commission, calling for a model law to deal with the expansion of technology.
Under the model law, companies or government agencies using facial recognition technology are required to assess human rights risks and explain why the technology is needed.
Ball said it’s unclear why facial recognition technology is needed when gambling harms are minimized.
“I think when any business wants to implement a privacy-invasive technology like this, it’s very important that they consider all the options available, and if there are less invasive options, they should be a priority,” she said.
“There are a lot of steps pubs and clubs can take before taking this very dramatic step. Obviously they have been very resistant to implementing cashless gambling cards for their own reasons, but even a simple security check that should be used now seems to be preferable .”