Clearview CEO laments ‘misrepresentation’ of facial recognition app in response to UK fine
Clearview AI has been fined approximately £7.5 million (US$9.5 million) by the UK’s Information Commissioner’s Office (ICO) for breach of data privacy laws, and ordered the company to delete all the data of British residents in its data banks.
The announcement follows a joint investigation with the ICO and the Office of the Australian Information Commissioner that alleged serious breaches of UK data protection law with its biometric data collection and facial recognition app, and threatened even heavier fines. The ICO says Clearview violated UK data privacy protection laws by failing to be transparent and fair with the biometric data of UK residents; failing to have a lawful reason for collecting peoples’ data; failing to have a process in place to stop the data being retained indefinitely; failing to meet the higher data protection standards required for biometric data; and asking for additional personal information, including photos, when asked by members of the public if they are on their database.
Clearview offers a face biometric service that allows its users to match a picture of a face to its database of 20 billion images of people’s faces and data that is harvested from the internet and social media. It then provides links to the websites where the images originate from. The ICO says Clearview likely includes a “substantial amount of data from UK residents, which has been gathered without their knowledge.” Though Clearview no longer operates in the UK, the ICO says it has customers in other countries, which continues to expose the personal data of UK residents.
The two agencies suggested a potential fine of £17 million (approximately US$23 million) in 2021. The ICO also ordered Clearview to halt the acquisition and use of the personal data of UK residents that is publicly available on the internet, and to purge the data of UK residents on its systems.
John Edwards, UK Information Commissioner, says, “People expect that their personal information will be respected, regardless of where in the world their data is being used. That is why global companies need international enforcement. Working with colleagues around the world helped us take this action and protect people from such intrusive activity.” Edwards says Clearview’s service “effectively monitors their [users’] behaviour” and offers it as a commercial service. The commissioner adds that the UK will continue international cooperation to protect privacy rights with Australia and European Union. Edwards will meet European regulators in Brussels this week to “tackle global privacy harms.”
“I am deeply disappointed that the UK Information Commissioner has misinterpreted my technology and intentions,” Clearview CEO Hoan Ton-That told Biometric Update in an email. “I created the consequential facial recognition technology known the world over. My company and I have acted in the best interests of the UK and their people by assisting law enforcement in solving heinous crimes against children, seniors, and other victims of unscrupulous acts. It breaks my heart that Clearview AI has been unable to assist when receiving urgent requests from UK law enforcement agencies seeking to use this technology to investigate cases of severe sexual abuse of children in the UK. We collect only public data from the open internet and comply with all standards of privacy and law.”
Ton-That also says that he welcomes the opportunity to engage “with leaders and lawmakers so the true value of this technology which has proven so essential to law enforcement can continue to make communities safe.”
It is far from the latest regulatory and government snipe at Clearview. In March, Italy’s privacy guarantor fined Clearview €20 million (US$22 million) for collecting biometric data without the consent of Italian residents and was blasted by U.S. Democrat lawmakers for its facial recognition app that is alleged to threaten privacy rights.
It also settled a lawsuit from the American Civil Liberties Union and other advocacy groups earlier in May over its alleged violations of Illinois’ Biometric Information Privacy Act (BIPA). As part of the settlement, Clearview agreed to limits it had already committed to around the sales of its facial recognition app and the use of part of its database, which it called a win.