The UK Information Commissioner’s Office and Office of the Australian Information Commissioner (OAIC) announced on Thursday that the pair would be teaming up to conduct a joint investigation into Clearview AI.
In April, OAIC asked questions of the company and issued a notice to produce under section 44 of the Australian Privacy Act.
Two months prior, the face recognition company suffered a data breach that included its customer list, the number of accounts each customer has, and the number of searches those customers had made.
“Security is Clearview’s top priority,” Clearview AI attorney Tor Ekeland said at the time. “Unfortunately, data breaches are part of life in the 21st century. Our servers were never accessed. We patched the flaw and continue to work to strengthen our security.”
Among the organisations named in the customer list were the Australian Federal Police and other state-based police forces in Australia.
See also: Victoria Police emails reveal Clearview AI’s dodgy direct marketing
Emails from the company to Victoria Police, obtained via freedom of information laws, showed how the company enticed individual officers to trial the service.
“Clearview is like Google Search for faces. Just upload a photo to the app and instantly get results from mug shots, social media, and other publicly available sources,” said one email to a police intelligence analyst.
“Search a lot. Your Clearview account has unlimited searches,” encouraged a follow-up email.
The Clearview database contained 3 billion photos scraped off the internet.
The joint investigation announced on Thursday is to be conducted in accordance with the Australian Privacy Act 1988 and the UK Data Protection Act, as well as the Global Privacy Assembly’s Global Cross Border Enforcement Cooperation Arrangement. The offices added that they would be speaking with similar government offices around the world as part of the investigation.
The offices said further comments would not be made while the investigation was underway.