Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
International: OAIC publishes determination confirming Clearview AI breached privacy of Australians
The Office of the Australian Information Commissioner ('OAIC') published, on 3 November 2021, its determination, which followed a joint investigation by the OAIC and UK's Information Commissioner's Office ('ICO'), which found that Clearview AI, Inc breached Australians' privacy by scraping their biometric information from the web and disclosing it through a facial recognition tool. In particular, the determination highlighted that Clearview AI had breached the Privacy Act 1988 (No. 119, 1988) (as amended) by:
- collecting Australians' sensitive information without consent;
- collecting personal information by unfair means;
- not taking reasonable steps to notify individuals of the collection of personal information;
- not taking reasonable steps to ensure that personal information it disclosed was accurate, having regard to the purpose of disclosure; and
- not taking reasonable steps to implement practices, procedures, and systems to ensure compliance with the Australian Privacy Principles.
Furthermore, the determination has ordered Clearview AI to cease collecting facial images and biometric templates from individuals in Australia and to destroy existing images and templates collected from Australia. In addition, the determination highlighted that the OAIC found a lack of transparency around Clearview AI's collection practices, monetisation of individuals' data for a purpose entirely outside reasonable expectations, and risk of adversity to people whose images are included in their database. Further to this, the determination noted that the OAIC found the privacy impact of Clearview AI's biometric system were not necessary, legitimate, and proportionate, and did not have regard to any public interest benefits.
Moreover, the OAIC published, on the same day, a statement which gave the background on the investigation and confirmed that the ICO worked with the OAIC on the evidence-gathering stage of the investigation. Notably, the OAIC added that each of the authorities has also been looking separately at their respective police forces' use of the technology; the OAIC released its findings on 3 November 2021, while the ICO is considering its next steps and any formal regulatory action that may be appropriate under the UK's data protection laws. Finally, the ICO released, on the same day, a statement which confirmed the conclusion of the joint investigation.
You can read the OAIC's statements here and here, their determination here, and the ICO's press release here.