Clifford Chance

The United Kingdom Information Commissioner’s Office (ICO) and the Office of the Australian Information Commissioner (OAIC) opened a joint investigation into Clearview AI Inc's facial recognition technology in July 2020.

The ICO has now announced, on 29 November 2021, the issuance of a provisional notice of intent to fine Clearview AI just over £17 million for violating UK data protection laws. This would be the third largest fine imposed by the ICO. This comes after the OAIC found, in October 2021, that Clearview violated Australian privacy laws.

Automated facial recognition software, particularly in a law enforcement context, has been a key area of focus for regulators around the globe over the past couple of years. At the same time, many firms are considering facial recognition technology – either as a result of the pandemic and a desire to have "touch free" access and/or in smart devices.

The UK and Australian enforcement actions highlight the importance of ensuring that companies have appropriate notice and consent from data subjects and maintain adequate privacy compliance programs. The ICO's final Clearview findings, when released, will serve as a good case study.