UK and Australian data watchdogs to investigate Clearview AI

The UK Information Commissioner’s Office (ICO) and the Office of the Australian Information Commissioner (OAIC) have revealed they are looking into the firm’s use of data scraped from the internet to build its facial-recognition algorithm.

Clearview AI uses facial recognition tools to help law enforcement match photos of unknown people to individuals in other photos which have been posted online and added to the company’s database. The company scrapes photos from publicly accessible social media platforms, including Facebook and Twitter. 

The controversial system has been used by a number of law enforcement agencies across the US. A Buzzfeed News report from February claimed that a number of UK law enforcement agencies had registered with Clearview, including the Metropolitan Police, the National Crime Agency, and various regional police forces. At the time, the Met denied that it had used its services. 

Clearview’s founder, Hoan Ton-That, has previously described the app as “a search engine for publicly available images”. However, the tool is not available to the public.

The firm claims its technology has helped in hundreds of investigations, tracking down serious criminals, exonerating the innocent, and helping to identify and protect victims.

But its critics have said its practices are highly unethical, with Facebook, Twitter, and Google all demanding that the firm stops scraping photso from their platforms to train its models. 

The regulators said in a statement: “The [OAIC] and the UK’s [ICO] have opened a joint investigation into the personal information handling practices of Clearview AI Inc, focusing on the company’s use of ‘scraped’ data and biometrics of individuals.”

“The investigation highlights the importance of enforcement co-operation in protecting the personal information of Australian and UK citizens in a globalised data environment.”

The investigation will be conducted in accordance with relevant Australian and UK privacy and data protection laws under the Global Privacy Assembly’s Global Cross Border Enforcement Cooperation Arrangement, and may involve other data protection authorities if deemed appropriate and relevant.

“The technology allowing companies to scrape data from the internet and combine it with information about users has been around for many years, but what Clearview appears to have done is to combine personal data with photos of individuals obtained from the internet,” said Toni Vitale, partner and head of data protection at JMW Solicitors. 

He added: “If the data is used strictly for the purposes of law enforcement, consent of the individuals is not required under either UK or Australian laws, but it does beg the question how transparent Clearview has been about its practices and what it does with the data of unmatched data subjects.”

Vitale also explained that if the firm was using the data it collected for any purpose other than assisting law enforcement, such as to help venues collect information on their visitors, it was likely to be in breach of data protection laws, particularly if the subjects are not informed about it taking place. “Transparency is one of the key tenets of the GDPR, and at face value, I can’t see how Clearview has met this principle,” he said.