The British privacy watchdog ICO has fined the face recognition database company Clearview AI more than £ 7.5 million and orders all data on British residents to be removed from the database. The company offers 20 billion images containing personal data for sale without the consent of those involved.
The Information Commissioner’s Office (ICO) has fined Clearview AI £ 7,552,800 for using images of people in the UK and elsewhere, collected from the internet and social media, to create a global online database that can be used for face recognition. The ICO has also issued an enforcement notice ordering the company to stop collecting and using personal information from UK residents to make it available over the internet. All data on UK residents must be removed from the systems.
The ICO enforcement action comes after a joint inquiry with the Office of the Australian Information Commissioner (OAIC), which focused on Clearview AI’s use of images of people, data retrieved from the Internet and the use of biometrics for face recognition. Clearview AI has collected more than 20 billion images of people’s faces and data from publicly available information on the web and social media platforms around the world to create an online database. People were not informed that their images were collected or used in this way. The company offers a service that allows customers, including the police, to upload a picture of a person to the company’s app, which is then checked for compliance with all the pictures in the database. The app then displays images that have similar properties to the image provided by the customer, with a link to the sites where those images come from.
Significant amount of data
Given the large number of internet and social media users in the UK, Clearview AI’s database is likely to contain a significant amount of data from UK residents, which was collected without their knowledge. While Clearview AI no longer offers its services to UK organizations, the company has customers in other countries, so the company still uses personal data from UK residents.
John Edwards, UK Information Commissioner, said: “Clearview AI has collected more images of people around the world, including in the UK, from various websites and social media platforms and has created a database of over 20 billion images. The company not only enables the identification of these individuals, however, track their behavior and offer the information as a commercial service. This is unacceptable. That is why we have taken steps to protect people in the UK by both fining the company and issuing an enforcement order. “People expect their personal information is respected no matter where in the world their data is used. Therefore, international companies need international enforcement. Working with colleagues around the world enabled us to take this action and protect people from such intrusive activities. “This international cooperation is crucial to protecting people’s privacy rights in 2022. It means working with regulators in other countries, as we have done in this case with our Australian colleagues. And it means working with regulators in Europe, and that is why “I’ll meet them this week in Brussels so we can work together to tackle global privacy violations.”
Details of the infringements
The ICO has determined that Clearview AI has violated UK data protection laws by failing to use the information of individuals in the UK in a fair and transparent manner as individuals are unaware or cannot reasonably expect their personal information to be used on this manner. . Other points are not having a legitimate reason to collect information from people and not having a process to prevent data from being stored indefinitely. In addition, the higher data protection standards required for biometric data (classified as ‘special category data’ under the GDPR and UK GDPR) are not met, and requests for additional personal information, including photos, from people asking if they are in the Clearview AI database . This may have had a deterrent effect on individuals wishing to object to the collection and use of their data. The joint study was conducted in accordance with the Australian Privacy Act and the UK Data Protection Act 2018. It was also conducted under the Global Cross Border Enforcement Cooperation Arrangement of the Global Privacy Assembly and the MOU between the ICO and the OAIC. It is still unknown whether Clearview AI will listen to the allegations. This is not likely.