ICO and OAIC concluded a joint investigation into Clearview AI Inc5th November 2021
In July 2020, ICO and the Office of the Australian Information Commissioner (OAIC) opened a joint investigation regarding the personal information handling practices of Clearview AI Inc. They worked together on the evidence-gathering stage.
Clearview AI is a US business that claims to use innovative artificial intelligence technology to recognise people, including those wanted by law enforcement. They state that they have more than 3 billion images indexed in their database, including people outside the US. Some of their pictures have been taken from various social media platforms, even though the platforms told them to stop collecting these images.
The joint investigation was centred on how Clearview AI used data taken from the internet and the use of biometrics for facial recognition.
The joint investigation has now finished. The consequences will be considered separately by each of the two authorities as they are bound by the different legislation as applied in their own country.
Each authority has also been looking individually at their respective police forces’ use of the technology.
The ICO is deciding what the next steps will be and if any formal regulatory action will be deemed necessary under the UK data protection laws.
Elizabeth Denham, UK Information Commissioner, said:
“Our digital world is international, and so our regulatory work must be international too, particularly where we are looking to anticipate, interpret and influence developments in tech for the global good.
“That doesn’t mean sharing the same laws or approaches, but on finding ways for our different approaches to work side by side and to co-ordinate and share the regulatory challenge where technologies impact our citizens across international borders. This helps minimise the burden on data protection authorities and those they regulate. That is what we were able to achieve in this case, and the result is an investigation that will protect consumers in both the UK and Australia.”
The OAIC found that Clearview AI breached Australian data protection law by:
- collecting Australians’ sensitive information without consent
- collecting personal information by unfair means
- not taking reasonable steps to notify individuals of the collection of personal information
- not taking reasonable steps to ensure that the personal information it disclosed was accurate, having regard to the purpose of disclosure
- not taking reasonable steps to implement practices, procedures, and systems to comply with the Australian Privacy Principles.
Australian Information Commissioner and Privacy Commissioner Angelene Falk said:
“The joint investigation with the ICO has been highly valuable and demonstrates the benefits of data protection regulators collaborating to support effective and proactive regulation.
“The issues raised by Clearview AI’s business practices presented novel concerns in a number of jurisdictions. By partnering together, the OAIC and ICO have been able to contribute to an international position and shape our global regulatory environment.”
For more information, you can read the excellent legal analysis by Cordery Compliance, Cordery are one of the UK’s leading law firms in all matters related to data protection. You can also read the ICO’s full statement here.
If you have any concerns about your data protection practices, please take advantage of a 30-minute consultation with one of the specialists at The Griffin House Consultancy. This initial half an hour is entirely at our expense and is without obligation.