The UK’s Information Commissioner’s Office (ICO) and the Office of the Australian Information Commissioner (OAIC) have opened a joint investigation into the personal information handling practices of Clearview AI - focusing on the company’s use of ‘scraped’ data and biometrics of individuals.

However, in line with the the ICO’s Communicating our Regulatory and Enforcement Activity Policy and OAIC’s Privacy Regulatory Action Policy, no further comment will be made while the investigation is ongoing.

Clearview’s facial recognition app allows users to upload a photo of an individual and match it to photos of that person collected from the internet. It then links to where the photos appeared.

It has been reported that the system includes a database of more than three billion images that Clearview claims to have taken or ‘scraped’ from various social media platforms and other websites.

Clearview is facing growing scrutiny of the billions of images it has scraped from social media platforms and how the US company shares those with law enforcement agencies. It suspended a contract with the Royal Canadian Mounted Police after regulators there said they were investigating allegations around the collection personal information without consent.

Clearview said will cooperate with regulators, adding that it searches publicly available photos from the internet in accordance with applicable laws.

Lawmakers in the US are drafting new legislation to curtail the use of facial recognition by law enforcement and government agencies, in part in response to recent demonstrations over police misconduct and racial inequality.

Regulators in Europe are also developing rules on artificial intelligence (AI) companies in order to ensure individual rights are not abused.

Tim Mackey, principal security strategist at the Synopsys Cybersecurity Research Centre, explined: "Facial recognition is a form of artificial intelligence meaning that building a business around it requires a source of training data - most professional photographers know that if you take a picture of someone’s face, then you are going to need to obtain permission from that person if you intend to publish or otherwise use that photo.

"That process is known as obtaining a release, and effectively the signed document states how that image could be used," he continued, pointing out that training any AI system requires large quantities of data, so in the context of facial recognition, that becomes large quantities of faces.

"Obtaining the legal rights for such a large dataset would be expensive, and it’s asserted that Clearview AI bypassed image licenses and simply scraped the data from websites," said Mackey. "This process would reduce the cost of image acquisition, but could also have allowed the Clearview AI team to identify weaknesses in social media applications."

Share Story: