Australian Authorities Have Ordered Clearview AI to Delete All Facial Recognition Data Belonging to Its Citizens

John Paczkowski, Buzzfeed News:

Australia’s national privacy regulator has ordered controversial facial recognition company Clearview AI to destroy all images and facial templates belonging to individuals living in Australia, following a BuzzFeed News investigation.

On Wednesday, the Office of the Australian Information Commissioner (OAIC) said Clearview had violated Australians’ privacy by scraping their biometric information from the web and disclosing it via a facial recognition tool built on a vast database of photos scraped from Facebook, Instagram, LinkedIn, and other websites.

This sounds great, but it faces some of the same problems as removing Canadian faces. Does Clearview know which faces in its collection are Australian? In the Commissioner’s determination, Clearview told the office that it, in the words of the Commissioner, “collects images without regard to geography or source”. Presumably, it can tie some photos to people living in Australia. But does it reliably retain information about, say, an Australian living abroad? It seems like one of those edge cases that could affect about a million people.

Also, in that determination, I found it telling that Clearview “repeatedly asserted that it is not subject to the Privacy Act” largely because it is a company based in the U.S. and, under U.S. law, it is arguing its collection of biometric information from published images is legal. The U.S. is like a tax haven but for privacy abuses. (And taxes too.)