Commonwealth Bank collection of Biometric Data

In 2024 the Commonwealth Bank made a policy change to collect and use biometric data from users PCs and Smartphones.

Background

The Commonwealth Bank expanded on their measures to secure accounts from scams and fraud by announcing CommBank Safe. Part of these measures included the collection of biometric (such as fingerprints and facial features_ and behavioural profile information (such as your keystroke typing patterns or scrolling or swiping activity).

The Commonwealth Bank provided no 'sandbox' around securing this information and it can be utilised fgor anything in thier privacy policy including, being shared with third parties or used to trian thier own AI tools.

Users are unable to opt out of this data collection and provided with a splash page when they log in with only an 'accept the new terms' option.

Commonwealth Bank's response

The Australian Financial Complaints Authority has received many complaints in relation to this new practice however is unable to investigate, as in each instance the Commonwealth Bank advise that this is 'company policy' and outside of the AFCA's jurisdiction (C2.2.2 (c) of the AFCA rules).

In each instance customers are advised to utilise alternative forms of access to thier accounts, such as phone or attendance at a physical branch.

References

Add a category with the same name as the product, service, website, software, product line or company that this article is about.

The "Incidents" category is not needed.

Add your text below this box. Once this section is complete, delete this box by clicking on it and pressing backspace.