In, Commissioner initiated investigation into Clearview AI, Inc. (Privacy) [2021] AICmr 54, the Commissioner determined that Clearview AI (Clearview) breached its obligations under the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs) through the use of its facial recognition tool which enabled a registered user to search for a “match” by uploading an image of an individual which would be searched against Clearview’s database of over three billion images for the purposes of identifying an individual. 

Following a joint investigation between the United Kingdom’s Information Commissioner’s Office (ICO) and the Office of the Australian Information Commissioner (OAIC), the Commissioner determined, pursuant to section 52(1A) of the Privacy Act 1988 (Cth) (Privacy Act), that Clearview had breached the APPs through its collection of sensitive biometric information without valid consent and that the collection was unfair and intrusive. It was also determined that Clearview had failed to take reasonable steps to notify the relevant individuals that their image had been scraped from a public website and that Clearview had failed to take reasonable steps to ensure that the personal information it disclosed through its facial recognition search tool was accurate. In addition, the Commissioner found that Clearview had failed to take reasonable steps to implement practices, procedures and systems to ensure compliance with the APPs. The practice of data scraping is currently under consideration in the review of the Privacy Act where it is proposed that data scraping practices should be included in a list of prohibited practices, see Article, Privacy Act review: Summary of proposed reforms from the Discussion Paper: No-go zones.

See new resource, Legal update: case report, Clearview AI privacy determination: Commissioner sends clear message on intrusive data scraping practices.