Clearview AI Inc. faces a fine of £7.5 million. The United Kingdom ICO came for the facial recognition firm for breaching certain privacy laws. Clearview AI is a US-based facial recognition company that provides professional support to government, institutions, organizations, and individuals. The company introduces its unique algorithm to scan and match the faces of individuals to a database containing over 20 billion images gotten from the web. Its range also includes websites and social media apps.
In its mobile app, Clearview enables all kinds of users, including the local police, to upload pictures of individuals and match identities. Clearview sells the images it scraped and identified from the web to companies, governors, etc. The main problem is that Clearview has never gotten the permission of anyone before using their data. That’s why the UK watchdog penalized it earlier this week.
Privacy law breach
Clearview gets its images from social media giants like Meta’s Instagram and Facebook and other leading social media platforms. Usually, this is done without their notice. The Information Commissioner for the UK, John Edwards, stated that the tech company provides more than matching of identities. In his statement, the company also monitors the data and leverages them for personal capital purposes.
According to the UK ICO, Clearview breached the national data protection law in various ways. These include:
- Failing to provide lawful proof for collecting users’ information.
- Failing to properly use the information of individuals in the UK in a straightforward way, noting that people aren’t even aware of their biometric data used in such a way.
- Failing to provide a procedure to stop data stored indefinitely.
- Failing to meet the standard data protection protocols needed for personal data. These are also termed ‘special category data’ under UK GDPR and GDPR.
- Requesting for extra personal data and information, such as photos, when citizens ask to confirm if they’re on the platform’s database.
This collaborated investigation was carried out by the ICO in compliance with the UK Data Protection Act 2018 and the Australian Privacy Act.
The information commissioner’s office (ICO) and Clearview:
The UK ICO noted in a press release that the United Kingdom has a huge sum of social media and internet users. Thus, this can add up a huge amount of data to Clearview’s database from UK citizens, gotten without their notice.
The agency added that although Clearview AI has stopped providing its services to companies in the UK, it still has branches and companies in other countries. Therefore, the AI-based company can sell data scraped off entities and individuals in the UK to outsiders. This is the personal data we’re talking about here.
Last November, the ICO ordered Clearview to stop collecting and analyzing data from UK residents. Last year, on the 29th of November, the UK watchdog warned Clearview of its actions of severe breaches of its data protection law. It warned that the company might encounter a financial penalty if it didn’t cease its actions.
In addition, the OAIC (Office of the Australian Information Commissioner) ordered Clearview to delete all of its citizen’s data, discovering it had breached national privacy laws. Also, last year, the ICO fined Clearview a penalty of more than £17 million.
The Information Commissioner’s Office stated that the tech giant, Clearview AI, didn’t provide a lawful basis for scraping off individuals’ information without their awareness.
