Using facial recognition technology in licensed venues

The Gaming Machine (Facial Recognition Technology) Amendment Regulation 2025 authorises liquor and gaming venues to use facial recognition technology (FRT) to detect banned and excluded people. Banned or excluded people might be under a banning order or self-exclusion, or excluded by the premises.

You don't need to seek consent before using FRT to determine if someone is banned or excluded from your premises. If you want to use FRT for other purposes, you'll need to have consent from customers before collecting their personal information. You should also seek legal advice about your privacy obligations.

Read more about privacy and ID scanning systems.

Privacy laws

To use FRT in your venue, you need to comply with the Privacy Act 1988 (Cwlth).

Businesses with a turnover of more than $3 million per year are automatically covered by the Privacy Act and have to comply with Australian Privacy Principles (APPs).

If you want to use FRT in your venue and your business has an annual turnover of $3 million or less, you must opt in to the Privacy Act. You'll need a privacy policy for your business to opt in. When you're ready, complete the online opt-in application form.

Before installing FRT, you should complete a privacy impact assessment (PIA) to identify privacy risks. Use the Office of the Australian Information Commissioner's PIA tool.

Your obligations

When using FRT in your venue, you must:

• opt in to the Privacy Act and comply with the APPs
• make sure your FRT system has a function to delete any information that doesn't identify an excluded person
• display signage that tells people FRT is being used in your venue—the signage must be
  • at each entrance to the premises
  • at each entrance to the gaming area
  • near any ID scanners
• not keep or disclose any personal information collected by the FRT system if the licence ends
• place the FRT system so it doesn't capture information from anyone who isn't entering your venue, for example people walking past
• ensure any personal information held by the FRT system isn't used to encourage people to gamble or consume liquor, and that it's not used in connection with a loyalty or reward program.

There are penalties for failing to comply with these obligations.

Read the Guideline on using facial recognition technology in a licensed premises for more information about your obligations.

Also consider…

• Read the Privacy Commissioner's guide to assessing the privacy risks of facial recognition technology.
• Read Gaming guideline 15: Minimising harm from electronic gaming machine gambling for guidance on minimising gambling harm.
• Read Gaming guideline 16: Preventing excluded persons entering or remaining on licensed premises for more information about managing excluded patrons.
• Contact the Office of the Australian Information Commissioner (OAIC) for more information about your privacy obligations.