Australian Regulators Decide To Do Absolutely Nothing About Clearview’s Privacy Law Violations
Clearview’s status as an international pariah really hasn’t changed much over the past few years. It may be generating fewer headlines, but nothing’s really changed about the way it does business.
Clearview has spent years scraping the web, compiling as much personal info as possible to couple with the billions of photos it has collected. It sells all of this to whoever wants to buy it. In the US, this means lots and lots of cop shops. Also, in the US, Clearview has mostly avoided running into a lot of legal trouble, other than a couple of lawsuits stemming from violations of certain states’ privacy laws.
Elsewhere in the world, it’s a different story. It has amassed millions in fines and plenty of orders to exit multiple countries immediately. These orders also mandate the removal of photos and other info gathered from accounts of these countries’ residents.
It doesn’t appear Clearview has complied with many of these orders, much less paid any of the fines. Clearview’s argument has always been that it’s a US company and, therefore, isn’t subject to rulings from foreign courts or mandates from foreign governments. It also appears Clearview might not be able to pay these fines if forced to, considering it’s now offering lawsuit plaintiffs shares in the company, rather than actual cash, to fulfill its settlement obligations.
Australia is one of several countries that claimed Clearview routinely violated privacy laws. Australia is also one of several that told Clearview to get out. Clearview’s response to the allegations and mandates delivered by Australian privacy regulators was the standard boilerplate: we don’t have offices in the Australia so we’re not going to comply with your demands.
Perhaps it’s this international stalemate that has prompted the latest bit of unfortunate news on the Clearview-Australia front. The Office of the Australian Information Commissioner (OAIC) has issued a statement that basically says it’s not going to waste any more time and money trying to get Clearview to respect Australia’s privacy laws. (h/t The Conversation)
Before giving up, the OAIC has this to say about its findings:
That determination found that Clearview AI, through its collection of facial images and biometric templates from individuals in Australia using a facial recognition technology, contravened the Privacy Act, and breached several Australian Privacy Principles (APPs) in Schedule 1 of the Act, including by collecting the sensitive information of individuals without consent in breach of APP 3.3 and failing to take reasonable steps to implement practices, procedures and systems to comply with the APPs.
Notably, the determination found that Clearview AI indiscriminately collected images of individuals’ faces from publicly available sources across the internet (including social media) to store in a database on the organisation’s servers.
This was followed by the directive ordering Clearview to stop doing business in the country and delete any data it held pertaining to Australian residents. The statement notes Clearview’s only responses were a.) challenging the order in court in 2021 and b.) withdrawing entirely from the proceedings two years later. The OAIC notes that nothing appears to have changed in terms of how Clearview handles its collections. It also says it has no reason to believe Clearview has stopped collecting Australian persons’ data.
Despite all of that, it has decided to do absolutely nothing going forward:
Privacy Commissioner Carly Kind said, “I have given extensive consideration to the question of whether the OAIC should invest further resources in scrutinising the actions of Clearview AI, a company that has already been investigated by the OAIC and which has found itself the subject of regulatory investigations in at least three jurisdictions around the world as well as a class action in the United States. Considering all the relevant factors, I am not satisfied that further action is warranted in the particular case of Clearview AI at this time.
That’s disappointing. It makes it clear the company can avoid being held accountable for its legal violations by simply refusing to honor mandates issued by foreign countries or pay any fines levied. It can just continue to be the awful, ethically-horrendous company it has always been because, sooner or later, regulators are just going to give up and move on to softer targets.
Clearview isn’t going to become a better, more responsible company ever. All we can really hope is that its business model won’t be as lucrative as it hopes it will be. It’s already struggling despite having faced only a few barriers to its success. What it does have going against it is its reputation as the shadiest operator into a shady market, which means a lot of government agencies are going to think twice before signing contracts that might make them co-stars in future PR nightmares. I guess we’ll just have to be satisfied Clearview has made itself just toxic enough to keep it from becoming a facial recognition powerhouse.