Clearview AI Inc and Australian Information Commissioner

Case

[2023] AATA 1069

8 May 2023


Details
AGLC Case Decision Date
Clearview AI Inc and Australian Information Commissioner [2023] AATA 1069 [2023] AATA 1069 8 May 2023

CaseChat Overview and Summary

This matter concerned a complaint brought by the Australian Information Commissioner (the Commissioner) against Clearview AI Inc. (Clearview), a Delaware-incorporated company. The dispute arose from Clearview's collection of facial images of Australians from publicly available websites and its subsequent creation of a facial recognition database. The Commissioner alleged that Clearview's actions constituted interferences with the privacy of individuals, in breach of the Privacy Act 1988 (Cth). The proceedings were heard by O'Donovan SM in the Administrative Appeals Tribunal.

The central legal issues before the Tribunal were whether Clearview had an "Australian link" for the purposes of the extra-territorial operation of the Privacy Act, and if so, whether its collection and handling of biometric information constituted breaches of Australian Privacy Principles (APPs). Specifically, the Tribunal had to determine if Clearview was carrying on business in Australia, if requesting and receiving data hosted on Australian servers amounted to information collection in Australia, whether an image of a person's face constituted personal information, and if it was biometric information. The Tribunal also considered whether Clearview's collection of images without consent breached APP 3.3 or APP 1.2.

The Tribunal found that Clearview's web crawlers, operating from servers outside Australia, sent requests to Australian servers to collect publicly available images and their URLs. This process, the Tribunal reasoned, constituted Clearview carrying on business in Australia and collecting personal information in Australia, thereby establishing an "Australian link" under s 5B(3) of the Privacy Act. The Tribunal accepted that images of faces, and particularly the "vectors" derived from them by Clearview's algorithms, constituted biometric information and personal information under the Act. The Tribunal concluded that Clearview's collection of these images without consent and without meeting the requirements of APP 3.3, and its failure to take reasonable steps to protect personal information as required by APP 11.1 (though APP 1.2 was also cited in the catchwords, the reasoning focused on collection and security), constituted interferences with privacy.

Consequently, the Tribunal found that Clearview had breached the Privacy Act 1988 (Cth). The specific orders or further directions regarding remedies were not detailed in the provided text.
Details

Areas of Law

  • Administrative Law

  • Statutory Interpretation

Legal Concepts

  • Judicial Review

  • Procedural Fairness

  • Standing

  • Statutory Construction

  • Jurisdiction

  • Remedies

Actions
Download as PDF Download as Word Document

Most Recent Citation
R v Roy (No 2) [2024] ACTSC 305

Cases Citing This Decision

2

R v Roy (No 2) [2024] ACTSC 305