Australian data regulator backs off Clearview AI
But Kind then stressed that Clearview is hardly alone and that many AI companies are capturing all manner of sensitive data found around the world.
“The practices engaged in by Clearview AI at the time of the determination were troubling and are increasingly common due to the drive towards the development of generative artificial intelligence models. In August 2023, alongside 11 other data protection and privacy regulators, the OAIC issued a statement on the need to address data scraping, articulating in particular the obligations on social media platforms and publicly accessible sites to take reasonable steps to protect personal information that is on their sites from unlawful data scraping,” Kind said. “All regulated entities, including organizations that fall within the jurisdiction of the Privacy Act by way of carrying on business in Australia, which engage in the practice of collecting, using or disclosing personal information in the context of artificial intelligence are required to comply with the Privacy Act. The OAIC will soon be issuing guidance for entities seeking to develop and train generative AI models, including how the APPs apply to the collection and use of personal information. We will also issue guidance for entities using commercially available AI products, including chatbots.”
The original OIAC accusations, from October 2021, “found that Clearview AI, through its collection of facial images and biometric templates from individuals in Australia using a facial recognition technology, contravened the Privacy Act, and breached several Australian Privacy Principles (APPs) in Schedule 1 of the Act, including by collecting the sensitive information of individuals without consent in breach of APP 3.3 and failing to take reasonable steps to implement practices, procedures and systems to comply with the APPs,” the OIAC said.