February 7, 2023

Volume XIII, Number 38


February 07, 2023

Subscribe to Latest Legal News and Analysis

February 06, 2023

Subscribe to Latest Legal News and Analysis

Australia Objects to 7-Eleven’s In-Store Use of Facial Recognition Technology

The Office of the Australian Information Commissioner issued a determination earlier this fall about 7-Eleven’s use of “faceprints.” The OAIC found the convenience store improperly collected faceprint information without getting individuals’ consent in violation of the Privacy Act.

Accordingly to the OAIC, 7-Eleven used facial recognition technology as part of in-store surveys in 700 stores across the country. Approximately 1.6 million customers (as of March 2021) complete the survey on tablets with built-in cameras. The cameras took facial images of the customer as they went through the survey.  These images were uploaded by the third party providing the service to a centralized server. The third party then processed the images to make sure the same person wasn’t leaving multiple responses.  The images were also analyzed to understand the gender and age of survey respondents.

7-Eleven argued that the images were not “personal information” and that in any event, it had disclosed the recording in notices posted at the entrance of its stores.  Some notices had only an image of a surveillance camera, other signs though did say “by entering the store you consent to facial recognition cameras capturing and storing your image.” The OAIC disagreed with the company, stating that the images were personal information. Moreover, it found the signage (even the signs with the full statement) were insufficient for obtaining consent. The OAIC held that express consent was required, and could not be implied as a result of someone entering the store after reading the sign.

Putting It Into Practice: This case is a reminder that regulators beyond those in the US and the EU are concerned about use of facial recognition. Companies using these technologies in Australia will want to keep in mind the expectations around obtaining express consent when collecting faceprints. 

Copyright © 2023, Sheppard Mullin Richter & Hampton LLP.National Law Review, Volume XI, Number 321

About this Author

Liisa Thomas, Sheppard Mullin Law Firm, Chicago, Cybersecurity Law Attorney

Liisa Thomas, a partner based in the firm’s Chicago and London offices, is Co-Chair of the Privacy and Cybersecurity Practice. Her clients rely on her ability to create clarity in a sea of confusing legal requirements and describe her as “extremely responsive, while providing thoughtful legal analysis combined with real world practical advice.” Liisa is the author of the definitive treatise on data breach, Thomas on Data Breach: A Practical Guide to Handling Worldwide Data Breach Notification, which has been described as “a no-nonsense roadmap for in-house and...

Anne-Marie Dao Attorney Intellectual Property Sheppard Mullin San Diego

Anne-Marie D. Dao is an associate in the Intellectual Property Practice Group in the firm's San Diego (Del Mar) office.

Areas of Practice

Anne-Marie is a skilled trial litigator whose practice focuses on privacy and general business litigation.  She is a zealous advocate for her clients. Her client-driven approach allows her to achieve results tailored to the needs of each specific client, in everything ranging from negotiating early settlements to bet-the-company litigation for her clients.