Delete one person’s biometric records, German Data Protection Authority orders Clearview AI
Clearview AI will delete an individual from its biometrics database after the Hamburg Data Protection Authority declared the biometric profiles of Europeans created without their permission illegal, according to privacy advocacy noyb.
The ruling came after Chaos Computer Club member Matthias Marx found his biometric profile in Clearview’s system and complained to the regulator. Marx asked that his images and all derived biometric data be deleted.
The Hamburg DPA investigated over an 11-month period, and based on GDPR requirements ordered the company to delete the biometric hash and confirm its deletion. Clearview has until February 12 to comply. The order does not apply across Europe, however, but only to the complainant.
“This surveillance machine is terrifying. Almost one year after my initial complaint, Clearview AI doesn’t even have to delete the pictures that show me,” states Marx. “And even worse, every individual must submit their own complaint. This shows that our data is not yet sufficiently protected and that there is a need for action against biometric surveillance.”
Noyb responded by urging Europeans to request access to the data Clearview holds on them, request its deletion, and object to their inclusion in the biometric database using forms available through the company’s website. The organization also suggested individuals submit complaints to their local data protection authority, setting up a potential deluge of cases across the continent.
“Imagine a world where every time you are caught on video camera, systems don’t just have your picture, but can directly identify you,” says Alan Dahi, a privacy lawyer at noyb.eu. “That’s horrifying.”
Either Clearview or the complainant can appeal the decision, and noyb writes that it is considering just such a challenge.
Macy’s denies using Clearview, Nuance named in biometric privacy suits
Across the Atlantic, Macy’s denies the accusations of a plaintiff alleging the retailer of collecting and processing her biometric data with Clearview, in violation of Illinois’ Biometric Information Privacy Act (BIPA), Law360 reports.
Plaintiff Isela Carmean has not demonstrated that her image was captured by the store’s security cameras, the company claims in a recently-filed motion. Instead, Macy’s says the suit is entirely based on Carmean’s claim to be a regular customer, and news articles describing Clearview’s capabilities.
Clearview is not included as a defendant in the suit.
Plaintiff Michelle Campana says she used an interactive voice response (IVR) system with biometric capabilities, which was supplied by Nuance, when she called a FedEx customer service line in December.
The suit alleges Campana’s voice biometrics were collected and analyzed during the call, and data based on that analysis was shared with a customer service representative, but the company never provided the informed consent option required by BIPA. The allegations also include violation of the requirement for companies using biometrics to share a data retention and destruction schedule.