Abbondanza! Clearview, opponents throw more spaghetti to see what sticks
Privacy International is collaborating on a series of complaints filed against Clearview AI with data protection regulators in France, Austria, Italy, Greece and the United Kingdom, alleging several violations of Europe’s General Data Protection Rule and one of the EU’s Law Enforcement Directive, and their UK equivalents, by its forensic face biometrics app.
Hermes Center for Transparency and Digital Human Rights, Homo Digitalis and noyb (European Center for Digital Rights) have joined Privacy International in the complaints, which regulators now have three months to respond to.
The organizations argue that Clearview’s biometric data collection practices constitute mass processing of European citizens’ personal data, that the company processes both “regular” and “special categories” data, that it does not obtain consent or meet “legitimate interests” criteria, and that the company falls afoul of GDPR’s transparency and purpose limitation clauses. The Law Enforcement Directive complaint alleges the use of Clearview’s technology does not meet its law enforcement processing requirements, that the its use lacks a basis in law, and that it fails to meet necessity and proportionality criteria.
“European data protection laws are very clear when it comes to the purposes companies can use our data for,” states Ioannis Kouvakas, legal officer with Privacy International. “Extracting our unique facial features or even sharing them with the police and other companies goes far beyond what we could ever expect as online users.”
“Clearview seems to misunderstand the Internet as a homogeneous and fully public forum where everything is up for grabs,” adds Lucie Audibert, also a legal officer at PI. “This is plainly wrong. Such practices threaten the open character of the Internet and the numerous rights and freedoms it enables.”
Canadian Privacy Commissioners declared earlier this year that Clearview’s practices are illegal in the country, which Privacy International would like to see echoed in the EU and UK.
Arguments for US lawsuit dismissal
Clearview is asking to have consolidated, or multidistrict, litigation claims against it permanently dismissed by an Illinois federal judge. As it stands, consumers living outside Illinois can now participate in a bellwether privacy case citing a law in that state.
This is the newest chapter in Clearview’s fight (Thornley vs. Clearview) to preserve its face-scraping business model, which some feel illegally poaches consumers’ biometric data for profit.
In December, a judicial panel in December approved multidistrict status. The claims in question have enough commonalities that consolidation would be more efficient and prevent inconsistencies, particularly regarding the request for a class action.
According to an article in Law360, attorneys for the facial recognition service say that there were no grounds for centralizing multiple claims against Clearview that were filed in jurisdictions beyond Illinois.
Those attorneys this week told U.S. District Judge Sharon Johnson Coleman that the plaintiffs “‘do not come close’ to demonstrating that the practices at issue primarily and substantially occurred in Illinois,” according to Law360. The company also argues its actions are protected by the U.S. and Illinois Constitutions.
Clearview, which denies that the Illinois privacy law prohibits it from doing business as it sees fit, basically does not want the plaintiff pool growing any further.
For the somehow uninitiated, Clearview has built a database of at least 3 billion facial photographs, mostly from social media platforms that prohibit face-scraping of their members’ accounts.
Illinois’ Biometric Information Privacy Act was created to prevent entities such as Clearview from taking, using and profiting from a state resident’s biometrics without their express consent.
The court case has become a sprawling and often confusing battleground where the facts and allegations have become less newsworthy than the legal tactics and strategies. This development is a case in point, but not the only one.
An interesting analysis in the National Law Review points out that during the multidistrict litigation proceedings, lawyers for the plaintiffs said it is impossible to take Clearview at its word when it says it has “voluntarily changed its business practices” to make a case involving Illinois’ law irrelevant.
The proof, the plaintiffs reportedly have said, is that Clearview has applied for a patent that would “would permit it to use its accumulated biometric information in connection with background searches on potential business or personal connections.”
The Review article notes that the injunction is not aimed at actions leading to the initial suit, but to actions Clearview might take and that have not affected Illinois consumers.
Also, the plaintiffs want a judge to “weigh the credibility of Clearview’s representation.” And they want the court to “enjoin global aspects of Clearview’s operations rather than dealing with a specific act underpinning the injunction.