ICO and OAIC Find ‘Serious Breaches’ of Privacy Law
On Nov. 29, 2021, the U.K. Information Commissioner’s Office (ICO) announced a provisional intent to fine Clearview AI over £17 million, alleging several privacy violations related to the company’s use of “scraped” data and biometrics of individuals. More significantly, the provisional order would require the company to stop processing personal data of people from the U.K. and to delete the data collected from U.K. individuals. The ICO’s notice follows a similar announcement that was made by Australia’s Information Commissioner earlier in the month ordering Clearview to cease collecting facial images and biometric templates from individuals in Australia and to destroy existing images and templates collected from Australians. We provide some key takeaways for companies that are building and testing facial recognition and artificial intelligence tools.
In announcing the resolution of a joint investigation with the Office of the Australian Information Commissioner (OAIC), the ICO alleged several privacy violations, including:
Failing to process personal data