The Office of the Privacy Commissioner (OPC) has concluded its investigation into the privacy implications of the trial by Foodstuffs North Island (FSNI) of live facial recognition technology (FRT) in selected supermarkets. In a recently released report, the OPC has concluded that the trial was compliant with the Privacy Act 2020 (Privacy Act), due to the robust privacy protection safeguards employed.

This article looks at the findings from the OPC’s investigation, and outlines key privacy considerations for other business who may be considering adopting similar technology.

Background

FSNI trialled live FRT in twenty-five supermarkets over the six-month period from February to September 2024. The trial examined whether FRT could reduce instances of serious harmful behaviour in FSNI stores, including violence, threatening behaviour and high-value theft.

The FRT operated by scanning customers’ faces in real time as they entered the supermarket, creating a mathematical representation known as a “biometric template”. The biometric template was compared against a database of previously stored templates from known offenders on a store specific “watchlist”. The system produced a comparison score, measuring how similar the two templates were. Any matches over a specific threshold triggered an alert, which two staff members would manually verify before any decision on how to respond was made.

An image of a person’s face collected by FRT is personal information and falls within the scope of the Privacy Act. 

As the trial involved a novel application of FRT technology in a retail context in New Zealand, and involved significant privacy concerns, the OPC opened a formal inquiry into the trial in April 2024. 

The OPC’s investigation

The OPC’s investigation involved monitoring FSNI’s implementation of the trial to ensure it complied with the Privacy Act, and that privacy risks were appropriately mitigated.

The OPC recognised that many New Zealanders have expressed concern that the widespread use of FRT may normalise a culture of surveillance, and the consequences it may have on New Zealanders’ ability to access essential services. 95% of New Zealanders will shop at a store owned by one of the two major grocery retailers in any given week, so those barred from entry to supermarkets may face limited alternatives to an essential service.

The OPC concluded that, while the level of privacy intrusion was high because an image of every store visitor’s face was collected, the privacy safeguards employed by FSNI reduced those risks to an acceptable level. Those safeguards included:

• Rapid deletion of most images: Unmatched images were deleted within one minute, and matched images where no action was taken were deleted by midnight on the same day. 
• Careful management of “watchlists”: Images of offenders on the in-store “watchlists” were retained only for a two-year period and were not shared between stores.
• No use of images for training: Any images captured as part of the FSNI’s trial were expressly not to be used for training purposes.
• Transparency: Participating stores had clear signage at the entrance and throughout the stores. Staff were trained to answer questions and information about the trial was also published on FSNI’s website.
• Constrained use: Use of FRT was limited to reducing the number of serious harmful behaviour incidents of repeat offenders. No other use was permitted.
• Accuracy: FSNI initially required a match threshold of 90%, as raised to 92.5% following two misidentification incidents. 
• Bias: The technology trialled had not been trained on a New Zealand dataset, giving rise to concerns about its ability to accurately detect Māori and Pacific Island people. However, it had been trained on similar groups in Australia which reduced the potential for technical bias in the matching process. 
• Security: Only authorised personnel had access to the information in the FRT system, access was logged and regularly reviewed, and robust technical measures were employed to protect the personal information collected and stored via the FRT.

While the OPC’s report concluded the trial was compliant with the Privacy Act, it highlighted a number of things that FSNI would need to address before considering using FRT permanently or expanding it into further supermarkets. This includes, for example:

• Reviewing whether the current 92.5% threshold matching criteria is sufficient or needs to be increased.
• Ensuring the “watchlist” criteria remain consistent with the practice during the trial that targeted genuinely harmful behaviour (and not expanding to lower-level behaviour criminal behaviour such as shoplifting).
• Checking that trespass notices have been issued for qualifying harmful offences. 

Considerations for FRT use

The OPC made it clear that FSNI’s trial should not be interpreted as a green light by other businesses for the use of FRT. Instead, the report provides a roadmap for how such technologies can be trialled carefully, transparently, and lawfully. The OPC emphasised that each business should assess its need for the technology on its own merits and consider whether the privacy impacts are justified in its specific context.

Key considerations include the following:

• Planning and justification: Careful planning is essential. Tools such as privacy impact assessments (PIAs) to document identified privacy risks and mitigations are expected to be used, and all elements of the FRT operating model - not just the technology itself - must be well designed with privacy front of mind. Organisations need to justify the use of FRT as opposed to a less intrusive option.
• Proportionality: Relatedly, the OPC’s proposed biometrics code of practice  includes an expanded proportionality obligation, which will require agencies to consider not only the lawfulness and necessity of an FRT solution for the problem a business is trying to solve, but also the proportional impact of the proposed solution on privacy.
• Due diligence and design: Organisations must do due diligence on their software provider and satisfy themselves that the software has sufficient security protections in place.
• Define targets and beware bias: The target group must be justified by reference to the purpose of the FRT. The potential for bias must be considered. In the report on the FSNI trial, the OPC suggested treating the results with caution, because the FRT technology was developed overseas and lacked training data for the New Zealand population. This meant that the technology may not fully address bias issues, including the potential impact on Māori and Pacific people. Therefore, it must only be used with robust operational processes, including human checks to mitigate that residual risk of bias in the decision making. 
• Monitor: Privacy risks and mitigations need to be continuously reviewed and (if necessary) adjusted to ensure they accurately reflect what happens in practice. This all needs to take place in the context of a continuous monitoring and review of the effectiveness of the deployed technology to ensure it is achieving the desired outcomes.

Read the OPC’s full report into FSNI’s FRT trial here. Alongside the report, the OPC has issued a “Using live Facial Recognition Technology well” factsheet for those businesses considering FRT. The factsheet can be accessed here. 

Get in touch

If you have any questions about the OPC’s report, or how the findings may be relevant for your business, please reach out to one of our experts who will be happy to assist.

Special thanks to Cody Malaki for his assistance in writing this article.