Facial recognition firm faces £17m fine after watchdog’s ‘significant concerns’
FACIAL recognition app Clearview AI faces a potential £17 million fine as regulators in the UK expressed “significant concerns” over the use of personal data.
The Information Commissioner’s Office (ICO) announced its provisional intent to impose a potential fine of just in excess of £17m on the firm which describes itself as “the world’s largest facial network”.
The ICO has also issued a provisional notice to stop further processing of the personal data of people in the UK and to delete it following alleged serious breaches of the UK’S data protection laws.
Clearview AI uses its facial recognition software to help law enforcement match photos of unknown people to other images online by using the company’s database of photos which have been taken from publicly accessible social media platforms, including Facebook, and other websites.
The announcement yesterday follows a joint investigation by the ICO and the Office of the Australian Information Commissioner (OAIC), which focused on Clearview AI Inc’s use of images, data scraped from the internet and the use of biometrics for facial recognition.
The ICO said customers of Clearview AI Inc can also provide an image to the company to carry out biometric searches, including facial recognition searches, on their behalf to identify relevant facial image results against a database of more than 10 billion images.
Regulators said the images in Clearview AI Inc’s database were likely to include the data of a substantial number of people from the UK and may have been gathered without people’s knowledge from publicly available information online, including social media platforms.
The ICO also understands that the service provided by Clearview AI Inc was used on a free trial basis by a number of UK law enforcement agencies, but that this trial was discontinued and Clearview AI
Inc’s services are no longer being offered in the UK.
The ICO’S preliminary view is that Clearview AI Inc appears to have failed to comply with
UK data protection laws in several ways including by failing to process the information of people in the UK in a way they are likely to expect or that is fair, failing to have a process in place to stop the data being retained indefinitely and failing to have a lawful reason for collecting the information.
The ICO also said that Clearview AI Inc appeared to have failed to meet the higher data protection standards required for biometric data (classed as ‘special category data’ under the GDPR and UK GDPR) and failing to inform people in the UK about what is happening to their data.
Clearview AI Inc now has the opportunity to make representations in respect of these alleged breaches set out in the Commissioner’s Notice of Intent and Preliminary Enforcement Notice.