In a significant ruling that caught the attention of the global legal community, the Administrative Appeals Tribunal handed down its decision earlier this year in a case involving Clearview AI and the Australian privacy regulator, the Office of the Australian Information Commissioner (OAIC). This decision, for the first time, marked the extraterritorial application of the Australian Privacy Act in circumstances where a company did not have a physical presence in Australia.
The tribunal focused its attention on Clearview AI, a company known for its facial recognition software. The OAIC argued that Clearview AI breached the Australian Privacy Act because the company collected personal information, such as facial images, from Australian residents without their knowledge or consent. This information was subsequently used for commercial purposes.
Clearview AI made arguments against this by asserting it did not fall under the scope of the Privacy Act due to lack of a physical presence in Australia. However, the tribunal rejected this line of defence and ruled that Clearview AI’s actions created what they determined as an ‘Australian link’.
The implications of this ruling are potentially far-reaching. It opens the door for the OAIC and other regulators around the world to hold international companies accountable for violating privacy laws, even if they do not have a physical presence within the country. It also underscores the importance of businesses understanding the implications of their data collection and usage practices in foreign jurisdictions.
For a detailed report on the matter, please refer to this analysis by Hogan Lovells, an international law firm.