By Ashley Nickel,Editor

Copyright dailymail

Kmart has been found to have breached Australians’ privacy after secretly scanning the faces of every customer who walked into dozens of its stores, in a bid to crack down on refund fraud.

The Office of the Australian Information Commissioner revealed today that between June 2020 and July 2022, the retail giant installed facial recognition technology across 28 outlets, capturing the biometric data of shoppers and anyone visiting a returns counter, all without their knowledge or consent.

Privacy Commissioner Carly Kind ruled that the retailer’s use of the controversial technology was unlawful, saying the privacy impact far outweighed any benefits in stopping refund fraud.

‘I do not consider that Kmart could have reasonably believed that the benefits of the FRT system proportionately outweighed the impact on individuals’ privacy,’ Ms Kind said.

CHOICE investigative journalist Jarni Blakkarly said the practice was ‘deeply concerning’.

‘While you can easily change your email address if it’s involved in a data breach, you can’t get a new face. Consumers shouldn’t have to take that risk every time they buy clothes or household items,’ she said.

CHOICE, which first raised the alarm about the practice three years ago, welcomed the ruling but said it highlighted the weakness of Australia’s outdated privacy laws.

‘What we really need are stronger, fit-for-purpose laws to hold businesses accountable as soon as they breach customer privacy,’ Ms Blakkarly said.

Kmart stopped using the technology in 2022 when the investigation began and cooperated with the OAIC.

Refund fraud at Kmart is when people exploit the store’s returns system to get money or store credit.

It can involve bringing in stolen items and asking for a refund without a receipt or swapping barcodes to claim back more than the item is worth.