This page considers privacy in entertainment venues, such
as pubs, clubs and sports complexes.
It covers -
Public and private entertainment venues do not automatically
and comprehensively fall outside national or state/territory
The operators of Australian entertainment venues can accordingly
seek identification of potential patrons as a condition
of entry, with collection and handling of that personal
data occurring within frameworks provided by the legislation.
Operators are also subject to law in relation to surveillance
of individuals within the venue, for example covert/overt
video surveillance in toilets, concourses and lifts.
The expectations of operators and of consumers vary, with
some club and hotel patrons for example asserting that
federal law (or even the Australian Constitution)
prohibits an operator's demand for provision of a proof
of identity or that it is necessarily illegal for the
operator to scan that identity document.
A discussion of age verification systems features here.
As with the 'workplace' and retail privacy regimes noted
in the preceding page of this profile, audiences do not
have a comprehensive right of access to any entertainment
venue. (National and state/territory anti-discrimination
law bounds differential access, for example inhibiting
refusal of entry on the basis of ethnicity.)
The owners and/or operators of venues can require some
indication of identity as a prerequisite for authorised
entry to spaces such as -
and other social clubs
facilities such as a pool, racetrack or stadium.
venue operators are less concerned than others and identification
often consists simply of carrying a ticket of entry, a
document that may be underpinned by specific conditions.
Other operators are required to ascertain a potential
entrant's eligibility. That eligibility might involve
determining that the individual meets a statutory proof
of age test, for example bears a driver's
licence or discrete proof of age card and therefore
satisfies obligations placed on the venue operator under
state alcohol licensing law.
Some organisations have gone beyond identity checking
to satisfy government requirements and have used personal
identity documents as a form of audience management, for
example excluding patrons from repeat visits on the basis
that an individual has misbehaved in the past. Such blacklisting
is analogous to the motel blacklists
discussed elsewhere on this site. Others have selectively
sought verification of identity to inhibit ticket scalping.
Venue operators have similarly sought to collect data
to cut costs (eg automate screening by bouncers
in queues for nightclubs), as the basis for 'stealth'
customer loyalty programs
(eg unauthorised mailshots to customers) or even egregious
abuses such as selling data to third parties.
One mechanism has been digital copying of 'proof of identity'
documents, either through a 'front desk camera' or a proof
of ID scanner. That copying has sometimes been supplemented
by issue of venue-specific identity passes or even by
biometric systems such
as thumbprint scanning.
Commercial ID scanning systems are being actively marketed
in Australia and overseas. One vendor for example touts
a solution with attributes that include -
alerts to under-age and banned customers
Share your banned customers with other venues automatically
Builds an accurate and precise database
Creates doorman nightly report
Photo gallery of customers
Graphic demographic reports
700 + scans per hour will not hold up your queue
Amazing marketing tool
Automatically produces address labels
Saves money and your license
Customer frequency report
Uptake of that technology and misuse by venue operators
or third parties is unclear.
issues and responses
Some consumers, privacy-savvy or otherwise, appear to
be indifferent to copying. Others have expressed concerns
that include -
that identity information is being captured per
that information will be provided to criminals (eg used
to alert burglars that a patron is at the venue and
thus unlikely to interrupt a robbery)
about the security of the data
of information about the venue's data handling practice
about whether information is being provided to third
about whether the venue operator and associates are
integrating the captured data with other information
for internal use or provision to another organisation.
has not been a comprehensive study by government agencies
or other entities regarding consumer perceptions and actual
venue practice. Operators typically appear to rely on
the argument that scanning is a condition of entry to
the particular venue, a condition freely accepted by a
patron who can choose another venue that does not require
One twenty-something nightclubber thus said "it's
fine ... I surrender my privacy when I go through the
door. If that's the price I pay to be hot, its fine".
A response is that habituation of venues and consumers
will presumably encourage proliferation of scanning systems,
reducing the number of alternative venues that do not
require image capture as a condition of entry.
The Office of the Federal Privacy Commissioner (OFPC)
has not moved beyond exhortation. In 2007 for example
it indicated that
practice can, however, create significant privacy risks
and could undermine customers' trust in the business.
In some cases, customers may choose not to do business
with that organisation.
This Office's Community Attitudes to Privacy 2007
survey found only 18% of individuals surveyed felt it
was acceptable for identification documents to be copied
in order to obtain entry into licensed premises.
OFPC advised that a venue operator may only scan patron
identity documents if that is "necessary" for
its "functions or activities", although offering
little guidance on what is "necessary" and appropriate.
It suggests that in the first instance organisations should
consider whether identification is required and, if so,
whether simply sighting a 'proof of identity' document
without scanning it would be sufficient.
Organisations that use scanning technology must comply
with the National Privacy Principles. The OFPC has indicated
general, if you scan customers' identity documents,
the Privacy Act requires that, among other things, you:
only necessary personal information;
customers information about why you are collecting their
personal information and how it will be handled;
use or disclose the personal information for the purpose
of the collection, unless an exception applies;
retain the scanned personal information for as long
as necessary, consistent with the collection purpose;
the personal information securely and allow access to
it by the individual if requested.
may be able to have greater confidence about meeting
their obligations under the Privacy Act by getting the
express consent of customers before scanning identity
That comment should give little comfort to many consumers,
given the low threshhold facing organisations that wish
to meet obligations under the national legislation.
The OFPC notes that the federal Privacy Act gives individuals
the right to complain if they think personal information
has been mishandled, with potential investigation by the
What of privacy once a patron has entered an entertainment
Regimes within venues are the same as those in retail
and other spaces highlighted in the preceding page of
this profile. It is a commonplace that venue operators
use CCTV to track movement,
identify incidents and even deter misbehaviour in 'public'
areas of entertainment venues. Those areas include -
escalators and elevators
and other sports facility seating
of that video might only be sighted by the venue operator;
it might instead be displayed to the audience (often more
exciting than shots of seagulls expiring of boredom during
a cricket match at the MCG).
Visitors to entertainment venues have some protection
in 'non-public' areas (such as toilets) where there is
a reasonable expectation of privacy. As with retail spaces,
venue operators sometimes engage in electronic surveillance
of those areas, typically with signage alerting patrons
that cameras or other devices may be used.