Hamburg data protection commissioner demands answers on biometric dataset from Clearview AI
An administrative order on information regarding the biometric processing of personal data has been issued against Clearview AI and its facial recognition software by The Hamburg Commissioner for Data Protection and Freedom of Information (Hmb BfDI), the institution announced.
Clearview AI’s method involves collecting billions of user photos publicly available online for facial recognition through a search database of archived facial images. This breaches the General Data Protection Regulation (GDPR) guidelines on user consent for biometric data processing, the watchdog writes.
Hmb BfDI has reached out to Clearview AI a couple of times following a complaint filed in February 2020. The tech company has not provided any clear, transparent answers regarding its business model or other matters, arguing “the legal position that GDPR is not applicable to the processing by Clearview as a whole, so that there was no obligation to answer in substance,” according to the regulator’s notice.
According to the Hmb BfDI, GDPR is in fact applicable based on Article 3 (2) b, because behavior monitoring through cookie placements would also target Clearview AI app users and customers, including security authorities or private companies. The EU-based employees of these users are protected by GDPR.
Clearview AI has to deliver the adequate information by mid-September or face a penalty payment of €10,000 (US$11,800) for each of seventeen sets of questions.
“Business models that consist of collecting images on the Internet on a massive scale and without cause, and making people’s faces identifiable through biometric analysis, endanger privacy on a global scale,” said Johannes Caspar, Hamburg’s Commissioner for Data Protection and Freedom of Information, in a prepared statement. “To protect those affected under the EU Charta of Fundamental Rights, such companies must be monitored, regulated and, if necessary, stopped on the basis of the GDPR.”
Caspar further adds that “In Europe, there must be no room for dull digital dystopias in which the use of facial recognition software and biometric databases gives public authorities and private agencies a new, almost unlimited form of control over people. The data protection supervisory authorities have a mandate to monitor this. This also applies to companies establishing corresponding business purposes from outside the EU and questions the privacy and informational self-determination of people in the EU.”
Despite ongoing controversy, Clearview AI has just entered a biometrics contract with U.S. Immigration and Customs Enforcement (ICE) and announced hiring Kevin Haskins as director of identity sales and customer engagement to connect with law enforcement agencies at the federal, state and local levels.
The latest lawsuit regarding the use of Clearview AI facial recognition technology involves giant retailer Macy’s who used it to identify shoppers through images from security cameras, violating Illinois’ Biometric Information Privacy Act (BIPA) on informed consent requirements.