Nightclubs appear to be clearly breaching the privacy of patrons who are being forced to undergo fingerprint, face and driver's licence scans before being allowed admission. CLA has asked the Office of the Privacy Commissioner to launch an 'own motion' investigation to clarify what's permissible and what's not.

Continue reading »...

16 December 2008

Ms Karen Curtis
Privacy Commissioner
GPO Box 5218
SYDNEY  NSW  2001

Dear Ms Curtis

RE:  Own motion investigation – fingerprint scanning of nightclub patrons

I write to you to request that your office conduct an own motion investigation into the emerging practice of some night club owners of requiring patrons to undergo a digital scan of their fingerprints and drivers’ licences, and have a digital picture of their face taken, before they are admitted into night clubs.

Civil Liberties Australia, which is a not-for-profit organisation committed to protecting civil liberties and human rights, has received a number of inquiries and complaints from members of the public into the lawfulness of the ‘NightKey’ machine.

The NightKey machine makes a digital image of a person’s fingerprints, face and driver’s licence, and then transmits this information to be permanently stored on an electronic database administered by EntryData Pty Ltd (ACN 098 160 144).   Software associated with NightKey allows patrons to be put on a “banned persons database”, whereby patrons may be indefinitely denied entry into nightclubs based on the arbitrary assessments of door staff.

More information about the NightKey machine can be accessed at www.nightkey.com.au.

Civil Liberties Australia is of the view that NightKey, and the associated database, constitute an egregious breach of privacy, and amount to a clear breach of Schedule 3 of the Privacy Act 1988 (Cth).  In particular, we are of the view that requiring a person to submit to a fingerprint scan, and allowing a digital image of their face and driver’s licence to be taken before they may enter a nightclub, is clearly contrary to paragraphs 1.1 and 1.2 of Schedule 3 of the Privacy Act. In our view, this practice is unnecessary, and amounts to an excessive and disproportionate use of a person’s personal information.  Further, the maintenance of such a database has the potential for substantial abuse.

I also note, from my own observations of the NightKey machine in operation at the Sultan’s night club in Canberra, that when patrons do accede to their personal information being taken by the NightKey machine, the club fails to adhere to it’s obligations under paragraph 1.3 of Schedule 3 of the Privacy Act.

I note that in the matter of Office of the Information and Privacy Commissioner v Penny Lane Entertainment Group (CF P025 [2008]), a similar practice was found to be unreasonable by the Alberta Information and Privacy Commissioner, and was held to be in breach of the Personal Information Protection Act S.A. 2003. For your convenience, I have enclosed a copy of that decision.

I ask that your office investigate whether the practice of nightclubs fingerprinting their patrons, making digital images of their faces and drivers’ licences, and storing this information on an electronic database, complies with the Privacy Act; and if not, that you take appropriate enforcement action.

If I can be of any assistance in relation to this matter, please don’t hesitate to contact me.

Yours sincerely

Anthony Williamson
Director
Civil Liberties Australia

Attachment:
Copy of the decision of Office of the Information and Privacy Commissioner v Penny Lane Entertainment Group (CF P025 [2008])