NextFin News - In a decision that marks a pivotal shift in the intersection of privacy law and retail security, the Administrative Review Tribunal (ART) of Australia ruled on February 5, 2026, that hardware giant Bunnings was reasonably entitled to use artificial intelligence-driven facial recognition technology (FRT) across its store network. The ruling effectively overturns a 2024 determination by Australia’s Privacy Commissioner, Carly Kind, which had previously found that the retailer breached privacy laws by scanning hundreds of thousands of customers' faces without explicit consent. While the tribunal noted that Bunnings should improve its notification processes and privacy policies, it concluded that the deployment of the technology was a proportionate response to the "very significant" retail crime and staff abuse occurring within its warehouses.
The legal battle centered on a trial conducted by Bunnings between January 2019 and November 2021, during which the retailer deployed FRT systems in 62 stores across New South Wales and Victoria. The system, developed by Hitachi, captured biometric markers of every shopper entering the premises and cross-referenced them against a database of "enrolled individuals"—persons suspected of theft, refund fraud, or threatening behavior. According to the tribunal's findings, the system was designed for high-speed processing, with non-matching data being automatically deleted within an average of 4.17 milliseconds. This technical safeguard proved crucial in the tribunal's assessment of whether the intrusion on privacy was justified by the security benefits provided to staff and the public.
The tribunal’s decision is deeply rooted in the escalating crisis of retail safety. Wesfarmers, the parent company of Bunnings, reported more than 13,500 threatening incidents toward staff in a single 12-month period, including over 1,000 physical assaults. Managing Director Mike Schneider emphasized that approximately 70 percent of these incidents were caused by repeat offenders, making the ability to identify known risks at the point of entry a critical safety measure. By ruling in favor of Bunnings, the ART has acknowledged that the right to a safe workplace can, under specific circumstances, outweigh the broad privacy expectations of the general public, provided the data handling is sufficiently ephemeral and targeted.
From a financial and operational perspective, this ruling provides a green light for the broader retail sector to integrate advanced AI surveillance into their loss prevention strategies. Retailers have long struggled with the "shrinkage" problem—a combination of theft, fraud, and administrative errors—which costs the Australian retail industry billions of dollars annually. Professor Gary Mortimer of the Queensland University of Technology noted that this decision creates a legal framework for other major players, such as Kmart and Woolworths, to adopt similar computer vision systems. The shift toward AI-driven security is not merely about catching shoplifters; it is about reducing the long-term insurance premiums and legal liabilities associated with workplace violence.
However, the ruling does not grant retailers carte blanche. The ART specifically highlighted that Bunnings failed to provide adequate signage and clear communication to its customers. This suggests that the future of retail AI will be defined by "transparent surveillance." To avoid further legal challenges, companies will likely need to implement more robust "Privacy by Design" frameworks, including formal risk assessments and highly visible disclosures. The Office of the Australian Information Commissioner (OAIC) has already signaled that it will continue to monitor the situation closely, citing that 84 percent of Australians desire more control over their personal information.
Looking forward, the Bunnings case is expected to catalyze a technological arms race in the retail environment. As U.S. President Trump continues to emphasize law and order and technological sovereignty in the global sphere, the adoption of AI for domestic security is becoming a normalized corporate standard. We can expect to see the integration of FRT with other AI tools, such as loitering detection and behavioral analysis, which can identify suspicious patterns before a crime is committed. While civil liberties groups like Digital Rights Watch warn of the normalization of mass surveillance, the legal precedent set today suggests that in the eyes of the law, the safety of the storefront is increasingly becoming a digital responsibility.
Explore more exclusive insights at nextfin.ai.
