The breach may expose Australians to identity theft, authorities said
The Australian information and privacy authorities have ordered a U.S. software company to cease collecting Australian data and destroy it after an investigation revealed that it breached the country’s privacy law.
Australian Information Commissioner and Privacy Commissioner Angelene Falk has found that Clearview AI, Inc. breached the Australian Privacy Act 1988 “by scraping their biometric information from the web and disclosing it through a facial recognition tool.”
Clearview AI’s facial recognition tool includes a database of more than three billion images taken from social media and other websites. The tool allows users to upload a photo of an individual’s face and find other images of the latter from the internet. It then links to where the images appeared for identification purposes.
In a media release from Falk’s office, Clearview AI breached the Act by “collecting Australians’ sensitive information without consent; collecting personal information by unfair means; and not taking reasonable steps to notify individuals of the collection of personal information,” among others.
Clearview AI has since received orders “to cease collecting facial images and biometric templates from individuals in Australia, and to destroy existing images and templates collected from Australia.” The determination follows a joint investigation with the UK’s Information Commissioner’s Office.
The investigation highlighted the company’s “lack of transparency around collection practices” and the “monetization of individuals’ data for a purpose entirely outside reasonable expectations.” Falk described the company’s process as “unreasonably intrusive and unfair.”
“It carries significant risk of harm to individuals, including vulnerable groups such as children and victims of crime, whose images can be searched on [its] database,” Falk added. The database may also expose individuals to risks of identity theft and misidentification, the investigation said.
Meanwhile, Clearview’s lawyer Mark Love, said the company would seek a review of the decision with the Administrative Appeals Tribunal.
“Not only has the commissioner’s decision missed the mark on Clearview AI’s manner of operation, the commissioner lacks jurisdiction,” Love said in a report published by Reuters.