Editor's note: The IAPP is policy neutral. We publish contributed opinion and analysis pieces to enable our members to hear a broad spectrum of views in our domains.
As we near the end of Australia's summer season, with daylight saving time winding back in a few weeks' time, I am looking forward to the start of winter sports — including Rugby Union, Rugby League and the Australian Football League, among others. I know my Aotearoa New Zealand colleagues are also looking forward to these rugby codes kicking off so they can demonstrate their dominance once again, and we in Australia will continue to try and knock them off their perch.
It's a well-worn path, but what has changed and evolved over time is the application of privacy, artificial intelligence governance and digital responsibility across our daily lives, and particularly these types of mass attendance events in a public setting.
I've had occasion to attend two early season games for the mighty Sydney Swans AFL team at their home ground, the Sydney Cricket Ground. This is a famous and storied stadium where many historic events have played out over its almost 150-year history. As I prepared to attend the match this Saturday in mid-90 degree temperatures, I was interested and pleasantly surprised to read the SGC's prominent and well-presented privacy and facial recognition technology notice and disclosure.
The notice laid out how facial-recognition technology has been used at the stadium since 2018, solely and exclusively to apply bans on certain individuals prohibited from entering.
I reflected on the topic for some time after reading this. I recalled the guidance and comments from Australian Privacy Commissioner Carly Kind at the IAPP ANZ Summit 2024 in Melbourne, where she spoke about the action taken to sanction Bunnings for its use of facial recognition technology in its stores. While the matter is still playing out and will possibly be decided in the courts, it was her assertion that any use of such technologies should seek to apply a test of reasonability and proportionality in order to fall within the existing Privacy Act's Australian Privacy Principles.
I considered these dual goals in the context of the case study of my football match. Many of us have likely attended an event where some patrons were unable to control their actions and ruined it for everyone around them. With that in mind, I'm personally fine with excluding those who have abused the privilege and been banned from the stadium. How this was managed before the technology became available is beyond me, but it must certainly be a more realistic task now.
Does the capture of every patron's personal information — their biometric facial profile — to pick out the few meet reasonable and proportional standards in the circumstances? That's not for me to decide and I wouldn't offer a view.
This topic and decision is the important task of the IAPP community. Helping to advance society's understanding and management of sensitive and personal data is truly a worthy task and profession and the IAPP is pleased to serve and support that work and the need for content and community to help further it.
Adam Ford is the managing director, Australia, New Zealand, for the IAPP.
This article originally appeared in the Asia-Pacific Dashboard Digest, a free weekly IAPP newsletter. Subscriptions to this and other IAPP newsletters can be found here.
