Clearview AI, an American facial recognition company, illegally collected images of UK residents from social media and the web to create a global online database that could be used for facial recognition.
The UK’s privacy watchdog has fined Clearview £7.55 million for their illegal activities and ordered Clearview to stop obtaining and using the personal data of UK residents which is publicly available on the internet and to delete the data of UK residents from its systems.
Clearview AI sells an app that can be used to upload a photo, and then attempts to identify them by checking its database. As reported by Engadget, the data has been used by thousands of public law enforcement agencies, despite the technology being in a legal grey area.
“The company not only enables identification of those people but effectively monitors their behaviour and offers it as a commercial service. That is unacceptable,” said UK Information Commissioner John Edwards in a statement.
The Information Commissioner’s Office (“ICO”) opened a joint investigation with Australia into Clearview in 2020 and issued a preliminary fine of £17 million late last year. At the time, the office noted: “Clearview AI Inc’s database is likely to include the data of a substantial number of people from the UK and may have been gathered without people’s knowledge from publicly available information online, including social media platforms.”
Announcing the fine of £7,55 million on 23 May 2022, the ICO stated:
“Clearview AI Inc has collected more than 20 billion images of people’s faces and data from publicly available information on the internet and social media platforms all over the world to create an online database. People were not informed that their images were being collected or used in this way.
“Although Clearview AI no longer offers its services to UK organisations, the company has customers in other countries, so the company is still using personal data of UK residents.”
In March 2022 Clearview was fined EUR20 million by the Italian privacy regulator, Garante per la Protezione dei dati Personali, in violation of the General Data Protection Regulation (“GDPR”) and was required to delete all Italian records from its database.