Facial recognition at the entrance, a voiceprint to reset a password, a face match to prove identity at onboarding: these are all AI systems collecting biometric information. In Australia, biometric information is not ordinary personal information. Under the Privacy Act 1988 (Cth) it is "sensitive information", which sits at the top of the protection hierarchy and generally cannot be collected without consent.
That distinction is where many AI deployments quietly fall over. Teams treat a facial recognition camera or a voice-verification model as a security or convenience upgrade and forget it is, in law, a sensitive information collection event. A sign at the door is not consent. This explainer sets out what valid biometric consent looks like under Australian Privacy Principle 3.3, where AI systems trip the requirement, and what to have in place before a regulator or a customer asks.
Why biometric information sits in a higher category
The Privacy Act draws a line between personal information and sensitive information. Sensitive information includes health, race, and, importantly here, biometric information used for automated biometric verification or identification, together with biometric templates. A biometric template is the mathematical representation a system derives from a face, voice, or fingerprint. It is still sensitive information even though it is not a stored photograph.
The practical effect is that the default flips. For ordinary personal information, an organisation can collect what is reasonably necessary for its functions. For sensitive information, collection generally requires the individual's consent and that it be reasonably necessary. Consent is the gate, not an afterthought.
What counts as biometric AI
The category is broader than a single flagship product. Facial recognition in a venue, voiceprint matching in a call centre, face-based identity verification at onboarding, and fingerprint or iris matching for access control all generate biometric information or templates. If an AI model turns a body characteristic into a signal used to verify or identify a specific person, you are collecting sensitive information.
What Australian Privacy Principle 3.3 requires
APP 3.3 is the operative rule. It provides that an organisation must not collect sensitive information about an individual unless the individual consents and the information is reasonably necessary for one or more of the organisation's functions or activities. The Act carves out a limited set of exceptions, such as collection required or authorised by law, or collection in specified emergency or enforcement situations. For most commercial biometric deployments none of those exceptions applies, so consent is the load-bearing element.
Consent under the Privacy Act is not a formality. The Office of the Australian Information Commissioner, the regulator, treats valid consent as having four features. It must be voluntary: the individual has a genuine choice and is not penalised for declining. It must be informed: the person understands what is being collected, by what means, and why, before the collection happens. It must be current and specific: consent to enter a building is not consent to have your face scanned and matched, and consent given once for one purpose does not run indefinitely. And the individual must have capacity to give it. Consent bundled into general entry conditions, buried in signage, or implied from walking through a door will struggle against that standard.
Reasonably necessary is a second test
Even with consent, the collection must be reasonably necessary for a genuine function. If a less intrusive method would achieve the same purpose, a regulator can question whether the biometric system was necessary at all. Consent does not cure an over-collection problem: both limbs have to hold.
Where AI trips the requirement
Signage treated as consent. A notice reading "facial recognition in use" informs, at best, but does not obtain voluntary, specific consent. Passive notice is the most common failure pattern in retail and venue deployments.
Bundled or conditional consent. Making biometric scanning a condition of service, with no realistic alternative, undermines the voluntary element. If declining means being turned away from an essential service, the consent is weak.
Silent template creation. AI systems often generate and store a biometric template even when the person believes only a transient check occurred. The template is itself sensitive information, so its creation and retention must be disclosed and consented to, not just the momentary scan.
Function creep. A biometric system deployed for one purpose, such as loss prevention, later feeds marketing, analytics, or a watchlist. Consent for the first purpose does not stretch to the second.
Enrolment without a real choice. Voice or face verification set as the only way to access an account, with no password or human fallback, pressures individuals into biometric collection they did not freely choose.
These are not hypothetical concerns. In a 2024 determination, the OAIC found a major retailer's facial recognition deployment in breach and ordered remediation, including destruction of the collected information. Other biometric deployments made without valid consent have also drawn OAIC determinations. The consistent theme: scale and good intentions do not substitute for consent that meets the standard.
What to have in place before an incident
Inventory every biometric use case. List each place where an AI system collects a face, voice, fingerprint, or iris signal, or creates a template, across retail floors, contact centres, apps, and access points. You cannot govern what you have not mapped.
Suspend or formally justify each use case. For any deployment running without documented valid consent, the safer position is to suspend it or record a considered justification for why it may lawfully continue while you remediate. Do not let an unconsented system keep collecting.
Obtain valid consent at the point of collection. Design a consent step that is voluntary, informed, and specific, given by someone with capacity, with a genuine non-biometric alternative wherever the biometric path is not strictly required. Record when and how consent was given.
Complete a privacy impact assessment. A PIA should test both APP 3.3 limbs: whether valid consent is obtained at the point of collection, and whether the collection is reasonably necessary for the stated function, including whether a less intrusive alternative would achieve the same purpose. It should also document the template lifecycle, retention, and destruction.
Set retention and destruction rules for templates. Because templates are sensitive information, decide how long they are kept and ensure they are destroyed or de-identified once no longer needed for the consented purpose, as APP 11.2 requires, so a future review does not surface data you should have deleted.
Keep an audit trail. Hold the PIA, the consent design, the justification for each use case, and the retention decisions where you can produce them quickly. A regulator's first request is usually for the reasoning, not just the outcome.
Biometric AI is one of the clearest cases where the instrument is unambiguous: sensitive information, consent-gated, with a reasonably-necessary test on top. If you are running facial recognition, voiceprints, or biometric identity checks, the quickest way to see which obligations that triggers is the free AIRA Health Check, which maps your AI use to the specific Privacy Act duties it engages so you can act before, not after, an incident.