The Office of Australian Information Commissioner rules facial recognition breach
The Office of Australian Information Commissioner (OAIC) has claimed that Clearview AI breached Australian privacy laws for its facial recognition database.
Australia’s Information and Privacy Commissioner found that Clearview AI unlawfully scrubbed biometric data from the internet and passed it through a facial recognition tool. This facial recognition information was then passed on to law enforcement and government agencies to identify wanted individuals. The OAIC led this investigation in connection with the UK Privacy Commission to find that Clearview AI breached Australia’s privacy legislation by:
· “collecting Australians’ sensitive information without consent
· collecting personal information by unfair means
· not taking reasonable steps to notify individuals of the collection of personal information
· not taking reasonable steps to ensure that personal information it disclosed was accurate, having regard to the purpose of disclosure
· not taking reasonable steps to implement practices, procedures, and systems to ensure compliance with the Australian Privacy Principles.”
The OAIC has ordered Clearview AI to “cease collecting facial images and biometric templates from individuals in Australia, and to destroy existing images and templates collected from Australia.” Clearview AI holds a database of over ten billion facial images taken from social media platforms. Users can then upload images of wanted individuals and Clearview AI’s tool will cross-reference the uploaded image with its database. As such, the OAIC noted that this method of image tracing was unreasonable, lacked transparency, and posed a serious risk of privacy intrusion against individuals. Australia’s Information and Privacy Commissioner was also of the opinion that this level of biometric scanning was not reasonable nor necessary, especially within the means of public interest.
Clearview AI challenged the OAIC’s decision, claiming the OAIC does not have jurisdiction over the company since it does not operate in Australia nor have any customers here. Clearview AI also went on to say that all of its collected images were harvested lawfully from online news outlets, mugshot websites, and social media. Moreover, the company is of the opinion that the information held in its database is not personal information. Conversely, the OAIC is adamant that the facial images are personal information covered by the Privacy Act 1988 (Cth) and were captured for a commercial purpose.
Facial recognition tracking is only becoming a bigger issue, so it is great to see the OAIC take a proactive stance in protecting Australia’s privacy.
The 50 page OAIC determination is available here.