By Staff Writer
Controversial facial recognition tech company Clearview AI has fallen foul of the Office of the Australian Information Commissioner (OAIC). Last week, the OAIC found Clearview had breached privacy laws by collecting facial images and other biometric templates of Australians without their consent.
The findings follow a joint investigation by the OAIC and the UK’s Information Commissioner’s Office (ICO). On Thursday, the OAIC said Clearview had breached the Australian Privacy Act 1988 in five ways.
“When Australians use social media or professional networking sites, they don’t expect their facial images to be collected without their consent by a commercial entity to create biometric templates for completely unrelated identification purposes,” said Commissioner Angelene Falk.
Clearview scrapes facial images of people from publicly available online sources such as social media platforms, collating those images into a database. The US-based company then sells access to that database to law enforcement agencies.
“Our platform, powered by facial recognition technology, includes the largest known database of ten billion plus facial images sourced from public-only web sources, including news media, mugshot websites, public social media, and other open sources,” says Clearview.
But the OAIC said Clearview had been collecting Australians’ sensitive information without consent, collecting personal information by unfair means, and not taking reasonable steps to notify individuals of the collection of personal information.
The privacy watchdog also found that Clearview did not take reasonable steps to ensure that its disclosed personal information was accurate. Further, Clearview did not take reasonable steps to implement practices, procedures and systems to comply with the Australian Privacy Principles.
“The covert collection of this kind of sensitive information is unreasonably intrusive and unfair,” Commissioner Falk said.
“It carries significant risk of harm to individuals, including vulnerable groups such as children and victims of crime, whose images can be searched on Clearview AI’s database.
“By its nature, this biometric identity information cannot be reissued or cancelled and may also be replicated and used for identity theft. Individuals featured in the database may also be at risk of misidentification.”
Commissioner Falk said Clearview must stop collecting the facial images and biometric templates of Australians. Further, images and templates already collected must be destroyed.
No Australian law enforcement agency currently uses Clearview. However, the Australian Federal Police, Queensland Police, Victoria Police and South Australia Police trialled the service over the 2019/20 period with some success.
In their response to the OAIC’s findings, Clearview said Commissioner Falk misunderstood the company’s business. Clearview says all information collected comes from open sources, and they fully comply with the laws where they operate. Clearview argued they are a US company, and images held were published in the US.
“Not only has the commissioner’s decision missed the mark on the manner of Clearview AI’s manner of operation, the commissioner lacks jurisdiction,” a spokesperson for Clearview said last week.
Despite no longer having any customers in Australia, Clearview AI says it will appeal to the Administrative Appeals Tribunal.