Australia: Information Commissioner opened investigation into Kmart Australia Limited’s use of facial recognition technology

On 26 August 2025, the Australian Information Commissioner initiated an investigation into Kmart Australia Limited regarding alleged breaches of the Privacy Act. The investigation focuses on Kmart’s deployment of facial recognition technology (FRT) across 28 retail stores between 22 June 2020 and 15 July 2022. The scope of the investigation includes potential non-compliance with Australian Privacy Principles (APPs) 3.3, 3.4, 5.1, 5.2, 1.3, and 1.4. It examines whether valid consent was obtained and whether Kmart’s reliance on the “permitted general situation” under Section 16A, item 2, was legally justified. The Information Commissioner will assess the proportionality, transparency, and governance of the data collection practices, as well as the availability of less intrusive alternatives.