Database company Clearview AI said it was removing photos taken in Australia

A company that claims to have a database of over 10 billion facial images has violated Australian privacy laws, Australian regulators say.

Clearview AI allows law enforcement to search their face database.

But the Office of the Australian Information Commissioner (OAIC) ​​has ordered to stop collecting photos taken in Australia and to remove those already in its collection.

A lawyer representing the company said it will seek a review of the decision.

The Clearview AI system allows a user, such as a police officer trying to identify a suspect, upload a photo of a face, and find matches in a database of billions of images collected from the Internet and social media.

The system then provides links to where the corresponding images appeared online.

Clearview AI has promoted its police service as a “Google face search”.

The system is primarily marketed as a law enforcement tool, although its customers are not limited to this. The investigation said a recent patent filing revealed interest in other uses of the technology, including: “Dating, retail, granting or denying access to a facility, place or device, accurate delivery of social benefits and fraud reduction “.

On its website, the company claims it has “the largest known database of over 10 billion facial images,” although the survey report uses less than three billion.

The company claims to only collect publicly available images from the open web, but that didn’t satisfy investigators.

“The secret collection of this type of sensitive information is unreasonably intrusive and unfair”, The Australian information commissioner, Angelene Falk, wrote it.

“It carries a significant risk of harm to individuals, including vulnerable groups such as children and crime victims, whose images can be searched in the Clearview AI database.”

The OAIC found that the company’s violations of the Australian Privacy Act included:

He said Clearview must “cease collecting facial images and biometric models from individuals in Australia and destroy existing images and models collected from Australia.”

The survey was conducted in collaboration with the UK Information Commissioner’s Office (ICO).

The ICO says it is still considering its next steps and any formal regulatory action that might follow.

But Elizabeth Denham, the UK Information Commissioner, said it was “an investigation that will protect consumers in both the UK and Australia”.

Mark Love, a lawyer representing Clearview, told the BBC in a statement that the company “went out of its way to cooperate” with the Australian investigation.

He said the commissioner “did not correctly understand how Clearview AI conducts its business” and plans to appeal.

“Not only has the commissioner’s decision missed how Clearview AI works, but the commissioner has no jurisdiction,” he said.

“Clearview AI,” wrote Mr Love, “has not violated any law or interfered with the privacy of Australians. Clearview AI does not operate in Australia, it has no Australian users.”

The OAIC accepted the company’s claim that it has instituted “a policy to deny all user account requests from Australia and that there is no evidence of Australian users since March 2020”.

Company founder and CEO Hoan Ton-That wrote in a statement that as a dual Australian and US citizen: “My company and I have acted in the best interests of these two nations and their people by assisting the law enforcement in solving heinous crimes against children, the elderly and other victims of unscrupulous acts. ”

The Clearview website claims that its images “come from public web sources, including news media, mugshot websites, public social media and other open sources.”

Automated bulk data collection from public websites is often referred to as “scraping”.

The OAIC investigation report finds that Clearview AI “collects images from social media websites, including Facebook and YouTube.”

“When Australians use social media or professional networking sites, they do not expect their facial images to be collected without their consent from a commercial entity to create biometric templates for completely unrelated identification purposes,” the Mrs. Falk.

The report notes that the sites’ terms and conditions “each prohibit this type of scraping, and a number of social media companies have sent the defendant termination and divestiture letters in connection with the alleged scraping from their sites.”

However, Ms Falk was critical of social media companies, saying the case raised the question of whether “online platforms are doing enough to prevent and detect the scraping of personal information.”

There are some signs that big tech companies are becoming increasingly wary of facial recognition.

On Tuesday, Facebook announced it will no longer use facial recognition software to identify faces in photos and videos.

But online tools and search engines that use facial recognition technology continue to work online, privacy activists warn.