The Office of the Australian Information Commissioner (OAIC) and the UK’s Information Commissioner’s Office (ICO) have opened a joint investigation into the personal information handling practices of Clearview AI Inc., focusing on the company’s use of ‘scraped’ data and biometrics of individuals.

The investigation highlights the importance of enforcement cooperation in protecting the personal information of Australian and UK citizens in a globalised data environment.

In line with the OAIC’s Privacy Regulatory Action Policy, and the ICO’s Communicating our Regulatory and Enforcement Activity Policy, no further comment will be made while the investigation is ongoing.

Background

  1. Clearview’s facial recognition app allows users to upload a photo of an individual and match it to photos of that person collected from the internet. It then links to where the photos appeared. It is reported that the system includes a database of more than three billion images that Clearview claims to have taken or ‘scraped’ from various social media platforms and other websites.
  2. The OAIC regulates the Australian Privacy Act 1988, which applies to most Australian Government agencies and organisations with an annual turnover of more than AU$3 million, as well as those that trade in personal information. The investigation follows preliminary enquiries with Clearview AI.
  3. The ICO is the UK’s independent regulator for data protection and information rights law, upholding information rights in the public interest, promoting openness by public bodies and data privacy for individuals.
  4. The joint investigation will be conducted in accordance with the Australian Privacy Act 1988 and the UK Data Protection Act 2018. It will be conducted under the Global Privacy Assembly’s Global Cross Border Enforcement Cooperation Arrangement and the MOU between the OAIC and the ICO.
  5. The OAIC and ICO will engage with other data protection authorities who have raised similar concerns, where relevant and appropriate.