Controversial startup Clearview AI has been fined more than £7.5 million by the UK’s Information Commissioner’s Office (ICO) and ordered to destroy any data it holds on UK residents following several violations of UK data protection law.
Breaches include using scraping technology to extract people’s photos from images and videos posted on news sites, social media, and websites.
According to the ICO, Clearview’s database was likely to contain a significant amount of information about UK individuals that had been collected without their consent, given the vast number of internet and social media users in the UK.
Clearview provides services to police and law enforcement forces around the world. Law enforcement agencies can use its algorithms to identify persons from photographs and videos, thanks to access to what it claims is the “biggest known database” of 20 billion facial images.
The company takes photographs of individuals from websites and social media all around the world and adds meta data to them, such as where and when the photo was taken, the gender of the subject, their nationality, and the languages they speak.
It was discovered this week that Clearview AI had no legal basis for collecting information on UK people and had committed a number of other data protection violations:
- Clearview failed to treat UK individuals’ data fairly and transparently.
- Without their awareness, it collected and processed data on UK individuals.
- It failed to meet the stricter data protection standards needed by the General Data Protection Regulation for processing biometric data (GDPR).
- The company failed to implement a system that would prohibit data from being collected and stored permanently.
- By asking applicants for more information, such as personal images, Clearview AI made it impossible for anyone who wanted to object to their data being gathered by the company.
Although the company has stopped providing services in the UK, the ICO said the company was still utilising personal data from UK people to provide services in other countries.
Clearview, according to the ICO, not only allowed people on its database to be recognised via images, but also allowed their behaviour to be watched in an “unacceptable” way.
Clearview AI has faced similar enforcement orders from privacy regulators in Australia, France, and Italy, and the fine is the latest in a series of regulatory proceedings taken against it.
In May 2022, the business reached an agreement with the American Civil Liberties Union (ACLU) to stop selling facial recognition technology to private companies and individuals across the US.
Clearview’s lawyer, Jenner and Block attorney Lee Wolosky, said the decision to impose any fine was “incorrect as a matter of law.”
“Clearview AI is not subject to the ICO’s jurisdiction, and Clearview AI currently does no business in the UK,” he continued.
Clearview has 28 days to challenge the decision of the ICO, and six months to put the order into effect.
If Clearview AI does not comply, the ICO has threatened to impose additional penalties.