The ordinary person is subject to a degree of surveillance that has never before been seen. Such surveillance often occurs in the name of generating safe communities by both pre-empting and preventing crime. In particular, supermarket giants Coles and Woolworths have expanded their security measures, focusing on the development of in-store technology systems that aim to collect even more data from their customers. This poses the question: does the recent expansion of supermarket security into the realm of AI facial recognition and detection impinge on our right to privacy?
These developments can be understood within the larger phenomenon of “Big Data”. The term “Big Data” refers to the collection and use of vast data sets to profile, predict trends and influence consumer behaviour. The collection and utilisation of data is so ubiquitous within the digital age that it has been enshrined as the core economic asset of the 21st Century, enabling surveillance capitalism to flourish in line with the expansion of information economies, according to scholar Shoshana Zuboff. This type of data is being developed, captured, and utilised by large corporations in inconceivable volumes every second.
The key argument that the big supermarket chains have forwarded in light of criticism hinges on the growth of the retail theft crisis in Australia, which costs big chains $100 million each year. This has led the supermarket giants to respond by rolling out $40 million investments to develop AI CCTV technology and body-worn cameras to “prevent crime before it happens”. At the same time, these big supermarkets continue to record huge profits whilst employing these invasive and punitive measures in a cost of living crisis.
These investments are simply the tip of a very sophisticated, and expensive, security iceberg. Whether you knew it or not, if you have walked into any Woolworths from 2020 onwards, then chances are you likely would have been monitored by “Auror”, their “Retail Crime Intelligence Platform”, that attempts to combat theft through deterrence measures that promise to “improve store reporting, gain visibility, and understand what is going on with malicious loss.”
Auror actively gathers data on consumers through complex networks of security cameras that identify individuals who have engaged in theft or been recorded as recurring nuisances to staff. The data is then used to provide alerts to staff when supposed suspects enter the store, or alternatively to police who may access the profiles of millions of Australians. According to Auror, this use of data serves a trifold public interest: (i) developing closer relationships between community stores and police in the prosecution of crime, (ii) empowering retail workers to deal with crime and (iii) deterring larcenous activities by focusing on loss prevention.
These systems operate on the premise that increased surveillance equals increased safety. However, this premise is significantly flawed. Samantha Floreani, the program lead at Digital Rights Watch, told The Guardian that “supermarkets are turning into an environment where an incredible amount of data collection and surveillance is becoming normalised”.
These comments were made in response to new trials by Woolworths to implement technology that assigns digital identifiers to customers that monitors movements throughout the store. The program utilises technology in the roof which will only allow the customer to exit once they have correctly paid for all their products. While Woolworths has assured customers that their digital identity on the system would be deleted after they leave the store, in an article about surveillance in public places, Associate Professor Moira Paterson states that the simple act of expanding surveillance into every facet of public life, treats individuals as criminals and “may make individuals more self conscious about how they interact, and what they say to other people, and even less willing to enter specific public places”. Even when consumers are uncomfortable with these increased surveillance measures, the emerging popularity of these systems among stores leaves customers often unable to simply choose to shop somewhere else. Customers are seemingly placed at the mercy of the powerful supermarket chains that exploit the vulnerability of consumers who are merely attempting to go about their day-to-day and grab their groceries.
The broadening use of technologies that collect “Big Data” in public stores including supermarkets is not unique to Australia. In particular, the Canadian Privacy Commissioner stated that the use of Big Data necessitates the development of “Big Privacy”. In Australia, privacy reform has been an area of focus recently as part of the Privacy Act Review. The current form of the Privacy Act provides limited protection against emerging invasions of privacy. The Australian Law Reform Commission has stated that this is because a cause of action for serious invasions of privacy does not exist within Australian law, despite the High Court leaving the capacity of this development open in the 2001 case of Australian Broadcasting Corporation v Lenah Game Meats Pty Ltd.
The Australian Competition and Consumer Commission has recommended that a statutory tort for breach of privacy be introduced. This would create a unified common law response to invasions of privacy where there is a corporate duty of care to protect consumer information and take “reasonable measures” to use data fairly. According to the Office of the Australian Information Commissioner, this would provide greater coverage and protection than what is afforded currently under the federal Privacy Act, as per Article 17 of the International Covenant of Civil and Political Rights by ensuring that “no one shall be subjected to arbitrary or unlawful interference with his privacy”.
But hope is not lost for consumers worried about the development of Orwellian surveillance beyond 2023. On Thursday 28 September, while not explicitly encoding a statutory tort of privacy, Attorney-General Mark Dreyfus responded to the recommendations of the Privacy Act Review Report agreeing in principle with the right to sue for invasions of privacy that are “serious”, among other improvements to the Privacy Act. While not certain, the acknowledgement for a need for change represents a positive advancement towards developing comprehensive privacy protections. We need privacy reform to challenge the surveillance practices of companies that are translating even more of our lives into data.