OAIC and ICO open joint investigation into Clearview AI Inc

The investigation highlights the importance of enforcement co-operation in protecting the personal information of Australian and UK citizens in a globalised data environment.

In line with the OAIC’s Privacy Regulatory Action Policy and the ICO’s Communicating Our Regulatory and Enforcement Activity Policy, no further comment will be made while the investigation is ongoing.

Clearview’s facial recognition app allows users to upload a photo of an individual and match it to photos of that person collected from the Internet. It then links to where the photos appeared. It’s reported that the system includes a database of more than three billion images that Clearview claims to have taken or ‘scraped’ from various social media platforms and other websites.

The OAIC regulates the Australian Privacy Act 1988, which applies to most Australian Government agencies and organisations with an annual turnover of more than AU$3 million, as well as those that trade in personal information. The investigation follows preliminary enquiries with Clearview AI.

The ICO, of course, is the UK’s independent regulator for data protection and information rights law, upholding information rights in the public interest, promoting openness by public bodies and data privacy for individuals.

The joint investigation will be conducted in accordance with the Australian Privacy Act 1988 and the UK’s Data Protection Act 2018. It will be conducted under the Global Privacy Assembly’s Global Cross-Border Enforcement Co-operation Arrangement and the MoU between the OAIC and the ICO.

The OAIC and the ICO will engage with other data protection authorities who have raised similar concerns where it’s deemed relevant and appropriate to do so.