Clearview AI Faces £17m Fine For ‘Serious’ Data Protection Breaches

Controversial facial recognition firm Clearview AI is in hot water with the British data protection watchdog, the Information Commissioner’s Office (ICO).

The ICO announced on Monday that it intends to fine the New York-based firm £17 million, and it “issued a provisional notice to stop further processing of the personal data of people in the UK and to delete it following alleged serious breaches of the UK’s data protection laws.”

Many tech firms are opposed to Clearview AI, which has been on the receiving end of multiple lawsuits in the United States.

Legal troubles

Clearview AI is a facial recognition company that developed technology to match faces to a database of more than three billion faces indexed from Internet social media websites and other sources such as Twitter, YouTube, Google and Facebook.

This policy has angered social networking firms.

In January 2020 Twitter demanded that Clearview delete all the images it had pulled from its platform, and stop all photo collection going forward.

Google and Facebook have also filed cease-and-desist letters.

But the damage may have already been done, after Clearview AI admitted in February 2020 that its database, containing the images of billions of people, had been stolen.

In May 2020, the firm was sued by the American Civil Liberties Union (ACLU), in which it alleged that Clearview’s technology runs afoul of the 2008 Illinois Biometric Information Privacy Act.

In March 2021, the firm was also hit with another lawsuit in California by two immigrants’ rights groups, namely the Hispanic social network Mijente, campaign group NorCal Resist, and four individuals who identify as political activists.

They alleged that Clearview AI’s software is still used by state and federal law enforcement to identify individuals, despite the fact that several California cities have banned government use of facial recognition technology.

Clearview AI has also been warned to remove Canadian faces from its database.

Clearview AI for its part insists it is doing nothing wrong, and that it complies with all applicable law and its conduct is fully protected by the First Amendment in the United States.

Significant concerns

But now on this side on the pond, Clearview AI is facing a potentially stiff financial penalty.

“Today’s announcement follows a joint investigation by the ICO and the Office of the Australian Information Commissioner (OAIC), which focused on Clearview AI Inc’s use of images, data scraped from the internet and the use of biometrics for facial recognition,” said the UK’s ICO.

“Customers of Clearview AI Inc can also provide an image to the company to carry out biometric searches, including facial recognition searches, on their behalf to identify relevant facial image results against a database of over 10 billion images,” it added.

The ICO said that the images in Clearview AI Inc’s database are likely to include the data of a substantial number of people from the UK and may have been gathered without people’s knowledge from publicly available information online, including social media platforms.

The ICO also understands that the service provided by Clearview AI was used on a free trial basis by a number of UK law enforcement agencies, but that this trial was discontinued and Clearview AI’s services are no longer being offered in the UK.

The ICO’s preliminary view is that Clearview AI appears to have failed to comply with UK data protection laws.

The ICO alleged that Clearview AI failed to process the information of people in the UK in a way they are likely to expect or that is fair; failed to have a process in place to stop the data being retained indefinitely; failed to have a lawful reason for collecting the information; failed to meet the higher data protection standards required for biometric data; failed to inform people in the UK about what is happening to their data; and asked for additional personal information, including photos, which may have acted as a disincentive to individuals who wish to object to their data being processed.

The ICO is now giving Clearview AI the opportunity to make representations in respect of these alleged breaches, before any final decision is made. The ICO expects to make a final decision by mid-2022.

“I have significant concerns that personal data was processed in a way that nobody in the UK will have expected,” noted the UK Information Commissioner, Elizabeth Denham. “It is therefore only right that the ICO alerts people to the scale of this potential breach and the proposed action we’re taking.”

Information commissioner Elizabeth Denham. Image credit: ICO

“UK data protection legislation does not stop the effective use of technology to fight crime, but to enjoy public trust and confidence in their products technology providers must ensure people’s legal protections are respected and complied with,” said Denham.

“Clearview AI Inc’s services are no longer being offered in the UK. However, the evidence we’ve gathered and analysed suggests Clearview AI were and may be continuing to process significant volumes of UK people’s information without their knowledge,” Denham concluded. “We therefore want to assure the UK public that we are considering these alleged breaches and taking them very seriously.”

Tom Jowitt

Tom Jowitt is a leading British tech freelancer and long standing contributor to Silicon UK. He is also a bit of a Lord of the Rings nut...

Recent Posts

Amazon Alexa Recovers After Morning Outage

Alexa wake up alarm didn't work this morning? Smart lights didn't turn on? Outage of…

3 mins ago

UK, Australia Reach Cyber, Critical Tech Agreement

Australia says it will 'fight back' against nation state cyberattacks, after agreements with the UK…

30 mins ago

Italian Regulator Recalculates Apple, Amazon Fines

Italian regulator admits it has redetermined the fines against Apple and Amazon, over the sale…

17 hours ago

Red Cross ‘Appalled’ As Hackers Steal Humanitarian Data Of 515,000 People

A new low. International Committee of the Red Cross shuts down reunification system, after hackers…

21 hours ago

Russia Proposes Ban On Cryptocurrencies, Crypto Mining

Russia's central bank has this week proposed the banning on the use and mining of…

22 hours ago

Apple Working To Patch Safari Data Leak Vulnerability

Oh dear, not so private. Webkit browser engine flaw has been leaking user ID and…

23 hours ago