Brian Sims

ICO and OAIC conclude joint investigation focused on Clearview AI Inc

THE UK’s Information Commissioner’s Office (ICO) and the Office of the Australian Information Commissioner (OAIC) opened a joint investigation into the personal information handling practices of Clearview AI Inc back in July 2020. The investigation focused on the company’s use of data scraped from the Internet and the use of biometrics for facial recognition.

The ICO and the OAIC worked together on the evidence-gathering stage of the investigation. As both data protection authorities operate under their own country’s particular legislation, any outcomes are considered separately. Each authority has also been looking separately at their respective national police services’ use of the technology.

The joint investigation has now come to a conclusion and the ICO is considering its next steps in tandem with any formal regulatory action that may be appropriate under the UK’s data protection laws.

The OAIC has released its determination into Clearview AI which is published and available to view on the organisation’s website.

Shared regulatory challenge

Commenting on the case, Elizabeth Denham (the Information Commissioner) said: “Our digital world is international and so our regulatory work must be international as well, particularly so where we are looking to anticipate, interpret and influence developments in tech for the global good.”

Denham continued: “That doesn’t mean sharing the same laws or approaches, but does mean finding ways for our different approaches to work side-by-side and to co-ordinate and share the regulatory challenge where technologies impact our citizens across international borders. This helps to minimise the burden on data protection authorities and those whom they regulate. That’s what we were able to achieve in this case. The end result is an investigation that will protect consumers in both the UK and Australia.”

Australian Information Commissioner and Privacy Commissioner Angelene Falk responded: “The joint investigation with the ICO has been highly valuable and demonstrates the benefits of data protection regulators collaborating to support effective and proactive regulation. The issues raised by Clearview AI’s business practices presented novel concerns in a number of jurisdictions. By partnering, the OAIC and the ICO have been able to contribute to an international position and shape our global regulatory environment.”

Social media platforms

Clearview’s facial recognition app allows users to upload a photograph of an individual’s face and match it to images of that person’s face collected from the Internet. It then links to where the photographs appeared. The system is reported to include a database of more than three billion images that Clearview claims to have taken or ‘scraped’ from various social media platforms and other websites.

For its part, the OAIC regulates the Australian Privacy Act 1988, which applies to most Australian Government agencies and organisations with an annual turnover of more than AU$3 million, as well as those that trade in personal information.

The joint investigation followed on from preliminary inquiries with Clearview AI. The investigation process was conducted in accordance with the Australian Privacy Act and the UK Data Protection Act 2018. It was also conducted under the Global Privacy Assembly’s Global Cross-Border Enforcement Co-operation Arrangement and the Memorandum of Understanding signed by the ICO and the OAIC.

Company Info

Security Matters

Western Business Media
Dorset House
64 High Street
East Grinstead
RH19 3DE

Login / Sign up