Companies are rushing to use facial recognition technology, raising fears the law is too slow to catch up | Privacy

The rollout of facial recognition technology to every pub and club in NSW shows how companies are forging ahead in collecting biometric information before the law has had a chance to catch up, warn the experts.

The NSW government introduced new laws this week allowing the use of facial recognition in pubs and clubs, although it has yet to develop rules to guide the rollout.

Clubs NSW says the scheme – which is already in use at around 100 licensed venues – would be used to tackle problem gambling by matching people’s images to those who have signed up for the industry’s self-exclusion system. Faceprints of others at the scene would be removed, the lobby group said.

A spokesperson said the program would “comply” with Australian privacy law and privacy principles, and “contain strict safeguards for the use and disclosure of biometric data”.

As Australia’s Federal Office of the Information Commissioner (OAIC) ​​enforces the Privacy Act, experts say the growing use of facial recognition technology in Australia is “deeply concerning” and that current laws were not designed to deal with it.

“There are, however, holes in privacy law big enough to drive a truck,” said Nick Davis, professor of emerging technologies at the University of Technology Sydney.

“Right now, we just don’t have uniform standards for its use. We have no idea, for example, who operates this system and how the limits of its use will be regulated.

The clubs’ announcement this week coincided with the introduction of a new bill in the NSW parliament giving industry powers “to collect biometric information from persons on registered club premises”.

In a speech to parliament, alcohol and gaming minister Kevin Anderson said use of the technology would be regulated by the OAIC, with a set of rules guiding its use “such as signage, purpose of data collection, deletion deadlines and other privacy protection mechanisms”.

Those regulations, however, still need to be worked out, which Kate Bower, a consumer data advocate for Choice, said was the key issue.

“The problem at the moment is that the uses of facial recognition technology are proliferating and because we don’t have regulations and safeguards in place, we don’t have any regulations to fall back on,” she said. declared.

“Its use is dictated on a case-by-case basis. Businesses decide on appropriate uses rather than people. »

Earlier this year, retailers Bunnings and Kmart announced they would end the use of facial recognition technology in stores after an investigation by Choice found the companies were using the technology for “security and theft prevention”.

Although the clubs said the technology in this case was used as a harm reduction measure, Bower said the lack of transparency around its use meant it was impossible to know what safeguards were in place.

“At the moment we just trust NSW clubs that they have done the proper privacy assessments and have the right systems in place, but they haven’t been as transparent about how it works.” , she said.

Last month, Davis, together with the former head of the Australian Human Rights Commission, Edward Santow, released a new report calling for model legislation to deal with the expansion of technology.

Under the model law, companies or government agencies that use facial recognition technology would have to assess the risk to human rights and show why the technology was needed.

In the case of gambling harm minimization, Bower said, it was unclear why facial recognition technology was needed.

“I think when a company wants to implement privacy-invasive technology like this, it’s very important that they consider all the options available and if there are less invasive options, they should be a priority,” she said.

“There are a lot of steps pubs and clubs could take before taking this very dramatic step. Obviously, they were very reluctant to implement the cashless game card for their own reasons, but even simple security checks that are supposed to be used now seem preferable.


Source link

Comments are closed.