Facial Recognition Firm Clearview AI Fined $9.4 Million by UK Regulator

ICO orders Clearview AI to delete all UK data

The UK Information Commissioner’s Office (ICO) has fined facial recognition database firm Clearview AI more than £7.5 million (around $9.4 million) for breaching the UK GDPR. The ICO has also ordered Clearview to stop scraping and using the personal data of UK residents, and to delete the data of UK residents from its systems.

Clearview has scraped more than 20 billion images of faces and data available on the internet. Its service then allows customers – including the police – to upload an image to the Clearview app which matches it to images in the database. Close matches and a link to the source of the matches are returned to the customer.

Clearview no longer offers its services in the UK. However, the ICO believes its database will inevitably include images of UK residents, and these details are made available to users outside of the UK. 

Announcing the fine and enforcement notice, John Edwards, UK Information Commissioner, said, “Clearview AI Inc has collected multiple images of people all over the world, including in the UK, from a variety of websites and social media platforms, creating a database with more than 20 billion images. The company not only enables identification of those people, but effectively monitors their behavior and offers it as a commercial service. That is unacceptable. That is why we have acted to protect people in the UK by both fining the company and issuing an enforcement notice.”

Key failures under the UK GDPR (and therefore also the EU GDPR) include a failure to be fair and transparent (individuals are unaware that their images may have been scraped and included in the database), and the lack of a lawful reason to collect people’s information.

This is not the first time Clearview has been sanctioned under data privacy laws. In February 2021, Canada’s privacy commissioner Daniel Therrien said, “What Clearview does is mass surveillance, and it is illegal.” He recommended that Clearview AI stop offering its facial recognition services to Canadian clients, stop collecting images of people in Canada and delete those already in its database. Clearview stopped offering its services in Canada, but declined the other recommendations.

In December 2021, the French privacy watchdog ordered Clearview to delete French citizens’ data and to stop collecting new images. In March 2022, Italy’s privacy authorities fined Clearview almost $22 million, ordered the company to delete data relating to people in Italy, and banned it from further collection and processing of Italian information.

In May 2022, Clearview settled a case in the US brought by the ACLU. This is more limited in scope than the European enforcements. “The settlement does not require any ‘material change’ in the Clearview business model,” said Cahill Gordon, an attorney representing the company.

Although the European actions would appear to be more severe than the US action, it is worth noting that a European ‘enforcement’ notice may be entirely unenforceable. Clearview, founded in 2017, is a US company based in New York. It has no assets in Europe.

A study by KU Leuven (a research university based in Leuven, Belgium), published on May 5, 2022, concludes:

“Despite the legal actions and decisions of national DPAs, the company is pursuing its activities. From an EU data protection perspective, the collection and processing of photographs and related information have no legal basis. The data protection principles are not respected, and data subjects cannot exercise their rights. But with no physical presence in the EU, Clearview AI does not seem to be concerned by the unenforceable decisions of the DPAs. Other alternatives will have to be found to stop the company’s activities.”

Written By

Kevin Townsend is a Senior Contributor at SecurityWeek. He has been writing about high tech issues since before the birth of Microsoft. For the last 15 years he has specialized in information security; and has had many thousands of articles published in dozens of different magazines – from The Times and the Financial Times to current and long-gone computer magazines.
