90 incidents on record · 2026 Headlights Incident reports by Ellie Harris · Melbourne
10 new this week Library last updated 13 July 2026
← The incident library
HD-INC-023
Technology · Australia · 2021 · Biometric surveillance

Clearview AI built a three-billion-image face search engine by scraping the web, and Australia's regulator could only tell it to stop

By Ellie Harris · Filed Web scraping to 2021

Alleged: Clearview AI, Inc. developed or deployed the AI system implicated in this incident. Details are drawn from public reports; parties are presumed innocent of any wrongdoing not established by an official finding.

Clearview AI built a three-billion-image face search engine by scraping the web, and Australia's regulator could only tell it to stop

What happened

Clearview AI scraped more than three billion facial images from social media and other public websites, converted each into a biometric template, and assembled them into a database that a user, typically a law enforcement officer, could search by uploading a single photograph and receive back matching images and the pages they came from. None of the people in it had been asked. The great majority had no connection to any investigation and were in the database only because their faces happened to be online.

On 14 October 2021, the Office of the Australian Information Commissioner, in a determination by Information and Privacy Commissioner Angelene Falk, found that Clearview AI had breached the Privacy Act 1988. The Commissioner found that Clearview collected the sensitive biometric information of individuals in Australia without consent, in breach of Australian Privacy Principle 3.3, and failed to take reasonable steps to implement practices, procedures, and systems to comply with the Australian Privacy Principles. The Commissioner ordered Clearview to cease collecting facial images and biometric templates from individuals in Australia and to destroy the information it already held.

Clearview did not accept the determination. Its position throughout was that it was a United States company that did not operate in Australia and so fell outside the reach of the Privacy Act. On 3 November 2021 it commenced proceedings in the Administrative Appeals Tribunal to challenge the finding. After the Tribunal indicated findings that Clearview had breached certain of the Australian Privacy Principles, Clearview withdrew from the proceedings in August 2023, leaving the determination standing. In August 2024, Privacy Commissioner Carly Kind announced that the OAIC was not satisfied that further action was warranted in the particular circumstances of the Clearview matter at that time, while maintaining that the company’s conduct had been troubling. Separately, the OAIC found that the Australian Federal Police had used Clearview’s tool and ordered the AFP to strengthen its privacy governance.

What an auditable version would have shown

The defining feature of the Clearview case is that there was no record on the collection side that anyone outside the company could inspect. The scale, three billion images, was Clearview’s own figure. Which Australians were in the database, when their images were taken, and whether they were ever removed after the cessation order, were not facts the public or the regulator could independently verify. Enforcement depended almost entirely on the company’s own account of what it had collected and what it had destroyed.

An auditable version would generate, for each image ingested, a signed record of where it came from, when, and on what claimed lawful basis, so the database’s history would be a matter of record rather than the company’s own account.

Where the gap was

The gap was the absence of any enforced lawful-basis check at the point of collection, and any durable record of it.

A ConstraintGate in front of ingestion would treat consent and lawful basis as a condition that has to be satisfied before an image is collected, not a question raised years later by a regulator. For a system whose entire design was indiscriminate collection, that gate would have denied the great majority of what Clearview ingested, which is precisely the point: the standing rules and the system’s behaviour were never connected. A ConductRecord for each ingestion and each deletion would then have made the database’s history legible, so that an order to stop and destroy could be verified rather than asserted.

Clearview’s architecture had neither. Its competitive advantage was the very absence of a gate: the more it collected without asking, the larger and more valuable the database became.

What governance should have looked like

The Clearview matter shows the limits of after-the-fact enforcement against a system built with no internal record. The regulator could find the breach, order cessation, and order destruction. What it could not easily do was verify compliance, because the only evidence of what was collected and what was deleted sat inside the company.

A lawful biometric system, by contrast, makes its own collection auditable from the start. Every template carries a record of its source and its basis. Every deletion is recorded against the order that required it. Aggregate figures, how many records are held, how many were destroyed under a given order, are bound to the underlying signed events so a regulator can confirm them on request. None of this prevents a determined actor from building a Clearview, but it changes what a regulator can prove, and it makes the difference between an order that is obeyed and an order that is merely issued.

The reference implementation of ConstraintGate and ConductRecord is open source. It lives at github.com/saffronandindia/headlights-oss, Apache 2.0 licensed and free to install. Anyone can read every line and verify the signatures. The repository is public now.

Sources

The mailing list

Fresh incident reports every week. One email to match.

We add new incidents to the library regularly, and send a single short email each week with what's new. The library stays free and open; this is just how you keep up with it.

No tracking. Unsubscribe in one click.

The record

An auditable system would have produced a signed, tamper-evident record the moment this happened: what the system did, the version that did it, the basis it acted on, and the action taken, and Clearview AI, Inc. could have produced it on demand.

This is the record the system as deployed did not produce in a signed, auditable form.

What this teaches
Capture what happened when it happens
What the system did, the version that did it, the basis it acted on, and the action taken, recorded at the moment, not reconstructed after.
Sign it, so no one has to trust the record-keeper
A tamper-evident entry. Edit it later and the signature breaks. The record does not ask for the benefit of the doubt.
Make it verifiable by anyone
A court, a regulator, a customer's lawyer can check the record themselves, without taking the company, or us, at our word.

Headlights summarises publicly reported AI incidents. All summaries are independently written, attributed to their original sources, and intended for research and educational purposes. Allegations are identified as such until established through official findings.

Last reviewed June 2026. This report is based on the sources listed above and reflects information available at the time of review; later developments may not be captured. Where a person is described as charged with or alleged to have done something, that allegation is unproven unless a conviction or a court or regulatory finding is stated. Headlights publishes journalism and commentary, not legal advice.

Want to write back?

Direct to my inbox.

ellie@useheadlights.com →