The UK’s privacy authority has fined facial recognition startup Clearview AI more than £7.5 million and ordered it to destroy the data of UK individuals.
To establish a global facial recognition database, the business collects photographs from the internet.
According to the Information Commissioner’s Office (ICO), this is a violation of UK data protection rules.
It has ordered the company to stop collecting and utilising personal information about UK residents.
Hoan Ton-That, CEO of Clearview AI, stated: “I am really sorry that the Information Commissioner of the United Kingdom misread my technology and objectives.
“We only take public data from the internet and adhere to all privacy and legal requirements.
“I’m discouraged by society’s misconception of Clearview AI’s technology.”
Use of ‘unacceptable’ data
According to the ICO, the corporation has accumulated more than 20 billion facial photographs internationally.
Clearview AI harvests publicly shared photos from Facebook, Instagram, and other sites, frequently without the platform’s knowledge or permission.
The UK Information Commissioner, John Edwards, stated: “The corporation not only identifies those individuals, but also successfully monitors their behaviour and sells it as a service.
That is completely inappropriate.”
“People expect that their personal information will be respected, regardless of where their data is utilised,” Mr Edwards continued.
The ICO stated that while Clearview AI Inc no longer provided services to UK businesses, the company continued to utilise personal data of UK people since it had customers in other countries.
The ICO warned the company in November 2021 that it may face a fine of up to £17 million, about £10 million more than it has now been compelled to pay.
Following France, Italy, and Australia, the United Kingdom has become the fourth country to pursue enforcement action against the company.
“While we appreciate the ICO’s willingness to lessen their monetary punishment on Clearview AI, we continue to believe that the decision to impose any charge is improper as a matter of law,” stated Lee Wolosky of the American firm Jenner and Block.
“Clearview AI is not subject to the ICO’s jurisdiction, and Clearview AI currently conducts no business in the UK.”
‘A face search engine’
The company’s approach allows users to submit a snapshot of their face and search through billions of images in its database for matches.
It then gives you links to where you can find matching photographs online.
Clearview AI Inc was found to have broken UK data protection legislation by failing to:
- use the information of people in the UK in a way that is fair and transparent
- have a lawful reason for collecting people’s information
- have a process in place to stop the data being retained indefinitely
- meet the higher data protection standards required for biometric data
It was also discovered that when people enquired if they were on the firm’s database, they were asked for more personal information, including images.
Following a collaborative investigation with the Office of the Australian Information Commissioner, the ICO took action.
“This international cooperation is crucial to defend people’s privacy rights in 2022,” Mr Edwards added.
“That involves collaborating with regulators in other countries, as we did with our Australian counterparts in this case.”
Clearview AI has a lengthy history of being a contentious firm.
Hoan Ton-That, the company’s creator, claims that the firm’s objective is to “help communities and their people live better, safer lives,” and that all of the information gathered is freely available on the internet.
He claims that Clearview’s massive database of faces has aided law enforcement in combating “heinous” crimes.
The Metropolitan Police, the Ministry of Defence, and the National Crime Agency were among Clearview’s prior clients in the United Kingdom.
However, those it collaborates with in other countries will have access to its whole database of 20 billion photographs, which would invariably include UK residents.
Will we ever find out who was on it?
Probably not, although you may be if there are images of you on the internet.
And it’s rare that you’ve been asked if that’s okay.
When Italy fined Clearview €20 million (£16.9 million) earlier this year, the company retaliated, claiming that it did not operate in any way that put it under the GDPR’s jurisdiction.
Could it make a similar argument in the United Kingdom, where it has no operations, customers, or headquarters?
It can now appeal the ICO’s judgement, and it may do so.