Clearview Officially Kicked Out Of Australia For Violation Country's Privacy Laws

from the going-to-be-missing-most-of-the-Five-Eyes-pretty-soon dept

Clearview -- the facial recognition tech company whose unproven AI runs searches on 10 billion images scraped from the web -- has been booted from another country.

Last July, Clearview pulled out of Canada while under investigation by its government. Eight months later, the investigation concluded, with the Canadian Privacy Commissioner finding Clearview's scraping of web content violated the rights of Canadian citizens by gathering their information without their permission.

The same thing has just happened in Australia. An investigation by the Office of the Australian Information Commissioner (OAIC), in conjunction with the UK's Information Commissioner's Office, has determined Clearview broke the law there as well.

Commissioner [Angelene] Falk found that Clearview AI breached the Australian Privacy Act 1988 by:

• collecting Australians’ sensitive information without consent
• collecting personal information by unfair means
• not taking reasonable steps to notify individuals of the collection of personal information
• not taking reasonable steps to ensure that personal information it disclosed was accurate, having regard to the purpose of disclosure
• not taking reasonable steps to implement practices, procedures and systems to ensure compliance with the Australian Privacy Principles.

The determination orders Clearview AI to cease collecting facial images and biometric templates from individuals in Australia, and to destroy existing images and templates collected from Australia.

We'll see if that order has any effect. It's unclear whether Clearview has any mechanism in place to determine where content originated from and/or what content contained in its 10-billion image database belongs to Australian citizens. Hopefully it does have something to aid in compliance with orders like these. Because it would be extremely irresponsible -- especially following a similar ejection six months ago -- to continue to scrape the web in contravention of two governments' orders to cease collection and destroy locally-sourced content.

The Information Commissioner says Clearview's collection methods are "unreasonably intrusive and unfair." They also put millions of people at risk for identity fraud if the database were ever to be compromised. In addition, the database undoubtedly contains millions of pictures of minors and other at-risk groups, like victims of crimes -- both of which are given additional privacy protections under Australian law.

The report also notes that Clearview's brief run in Australia had the opportunity to create more than theoretical harm. Australian law enforcement agencies -- including the federal police -- performed test runs of Clearview's software over a period of five months (October 2019 - March 2020). The Australian Federal Police is currently being investigated for its use of Clearview's tech to determine whether its test runs complied with privacy laws.

Clearview's rebuttal to this report claims two things: it pulled access from Australian law enforcement following the initiation of this investigation and that, as an American company, it does not have to comply with Australia's laws.

The Information Commissioner disagrees:

However, Commissioner Falk said she was satisfied Clearview AI was required to comply with Australian privacy law and that the information it handled was personal information covered by the Privacy Act.

“Clearview AI’s activities in Australia involve the automated and repetitious collection of sensitive biometric information from Australians on a large scale, for profit. These transactions are fundamental to their commercial enterprise,” she said.

“The company’s patent application also demonstrates the capability of the technology to be used for other purposes such as dating, retail, dispensing social benefits, and granting or denying access to a facility, venue or device.

“This case reinforces the need to strengthen protections through the current review of the Privacy Act, including restricting or prohibiting practices such as data scraping personal information from online platforms."

Two countries have banned Clearview entirely and they won't be the last to do so. Back in the United States, where Clearview can't use the "local laws don't apply to us" excuse, the company is being sued in two states for the same reason: violating privacy laws. It has no friends in the facial recognition field and its use of web scraping to compile a database of billions of images hasn't made it any allies anywhere else in the tech field.

Sooner or later, Clearview's going to be stuck with selling to authoritarians and oligarchs who give zero fucks about the privacy of their constituents and are always looking for new tools to track down and punish their critics. Given its non-response to nearly two years of negative press, it appears Clearview is willing to wade into this cesspool to ensure it remains profitable.

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: australia, facial recognition, privacy
Companies: clearview