3 November 2021

The Office of the Australian Information Commissioner (OAIC) and the UK’s Information Commissioner’s Office (ICO) opened a joint investigation into the personal information handling practices of Clearview AI Inc in July 2020.

The investigation focused on the company’s use of data scraped from the internet and the use of biometrics for facial recognition.

The ICO and OAIC worked together on the evidence-gathering stage of the investigation. As both data protection authorities operate under their own country’s legislation, any outcomes are considered separately. Each authority has also been looking separately at their respective police forces’ use of the technology.

The joint investigation has finished and the ICO is considering its next steps and any formal regulatory action that may be appropriate under the UK data protection laws.

The OAIC today released its determination into Clearview AI which is published on the OAIC website.

Elizabeth Denham, Information Commissioner said: “Our digital world is international and so our regulatory work must be international too, particularly where we are looking to anticipate, interpret and influence developments in tech for the global good.

“That doesn’t mean sharing the same laws or approaches, but on finding ways for our different approaches to work side by side and to co-ordinate and share the regulatory challenge where technologies impact our citizens across international borders. This helps minimise the burden on data protection authorities and those they regulate. That is what we were able to achieve in this case, and the result is an investigation that will protect consumers in both the UK and Australia.”

Australian Information Commissioner and Privacy Commissioner Angelene Falk said: “The joint investigation with the ICO has been highly valuable and demonstrates the benefits of data protection regulators collaborating to support effective and proactive regulation.

“The issues raised by Clearview AI’s business practices presented novel concerns in a number of jurisdictions. By partnering together, the OAIC and ICO have been able to contribute to an international position, and shape our global regulatory environment.”

Background

  • Clearview’s facial recognition app allows users to upload a photo of an individual’s face and match it to photos of that person’s face collected from the internet. It then links to where the photos appeared. The system is reported to include a database of more than three billion images that Clearview claims to have taken or ‘scraped’ from various social media platforms and other websites.
  • The ICO is the UK’s independent regulator for data protection and information rights law, upholding information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
  • The OAIC regulates the Australian Privacy Act 1988, which applies to most Australian Government agencies and organisations with an annual turnover of more than AU$3 million, as well as those that trade in personal information. The investigation follows preliminary inquiries with Clearview AI.
  • The joint investigation was conducted in accordance with the Australian Privacy Act and the UK Data Protection Act 2018. It was also conducted under the Global Privacy Assembly's Global Cross Border Enforcement Cooperation Arrangement and the MOU between the OAIC and ICO.