The UK Information Commissioner’s Office (ICO) issued a preliminary decision in its investigation of Clearview AI. The ICO conducted its investigation in collaboration with the Office of the Australian Information Commissioner (OAIC), which issued its own decision earlier in the month.
At this stage, both the ICO and the OAIC have determined that Clearview’s biometric data collection practices violate their respective countries’ privacy laws. However, the ICO ruling could potentially carry a much stiffer financial penalty. The OAIC has ordered Clearview to cease its collection of biometric data in the country, and to delete any images of Australian citizens in its possession. The ICO will likely do the same for citizens in the UK, and plans to supplement that with a fine of slightly more than £17 million.
If it goes through, this would be the first time that Clearview has faced concrete financial repercussions for its many violations of international privacy law. A group of Canadian privacy commissioners ruled against the company in February, but that decision was comparable to that of the OAIC in terms of financial consequences.
The ICO decision is still provisional because Clearview has an opportunity to respond to the allegations. That response could change the ICO’s decision, or affect the size and scope of the potential penalties. The agency’s final decision is expected sometime in mid-2022.
Until then, the ICO did provide more details about what Clearview did wrong. The agency noted that the company’s database, which now includes more than 10 billion images, likely includes many images of UK civilians. Those images were pulled primarily from social media platforms, and usually without the knowledge of the people depicted in the photos.
As a result, the ICO determined that Clearview violated UK privacy law on several fronts. Most notably, Clearview did not have any lawful reason to collect people’s personal information. It then proceeded to process that information in a way that people would not ordinarily expect, while failing to inform people about its use of private data. Clearview also failed to comply with the stricter GDPR laws for the handling of biometric data, and did not seem to have any plans to stop using or delete any of the information it collected.
Clearview has stopped offering services in the UK, but has previously offered free facial recognition trials to British law enforcement agencies. The company brought in $30 million in a round of Series B funding in July, though a £17 million judgement could effectively wipe out that entire sum. In the meantime, Clearview is facing separate privacy complaints in Europe.
December 3, 2021 – by Eric Weiss