US-based facial recognition platform – Clearview AI, a company designed to support federal, state, and local law enforcement agencies to gain intelligence has now received an order from privacy watchdog, the Information Commissioner’s Office (ICO). The company has received an order from ICO to delete every piece of data belonging to residents of the UK. ICO didn’t stop at that but also went on to find Clearview to the tune of £7.5 million ($9.4 million) for failure to comply with the UK’s data protection laws. Over the last few years, the firm has collected images from the web and social media of people in Britain and elsewhere to create a global online database that can be used by law enforcement for facial recognition. Turns out that the UK is the fourth country to issue Clearview an order to delete all data within its confines between 2021 and 2022. Countries like Australia, France, and Italy have issued similar orders and fines for non-compliance and privacy violations.
Clearview has claimed that about 20 billion images of people around the world indexed from the internet and social sources like Facebook and Instagram are contained in the database of its facial recognition platform. The company does so without informing the individuals or asking for their consent. Before now the company has been responsible for the sale of its software to an array of private users and businesses. Following a lawsuit brought by the American Civil Liberties Union (ACLU), the company recently agreed to restrict itself in the US to selling to federal agencies and police departments for the purpose of investigating crimes, enhancing public safety, and providing justice to victims.
In the past, Clearview has reportedly offered facial recognition technology to law enforcement agencies in the UK, they include the Metropolitan Police, Ministry of Defence, and National Crime Agency. According to the ICO’s latest decree, henceforth Clearview will “no longer offers its services to UK organizations.” However, the privacy watchdog notes that the data it has scraped from UK residents can still be used by customers in other countries.
In a press statement, the UK’s Information Commissioner John Edwards said Clearview had likely collected a great deal of information on UK residents. “The company not only enables identification of those people but effectively monitors their behavior and offers it as a commercial service. That is unacceptable,” said Edwards. “That is why we have acted to protect people in the UK by both fining the company and issuing an enforcement notice.”
UK’s Information Commissioner John Edwards in a statement explains that for the time the Clearview offered its service to the country, it must have collected a great deal of information on UK residents. “The company not only enables identification of those people but effectively monitors their behavior and offers it as a commercial service. That is unacceptable. That is why we have acted to protect people in the UK by both fining the company and issuing an enforcement notice.” Edwards added that people expect their personal information to be respected, regardless of where in the world their data is being used
The ICO claims the company has violated several tenets of UK data protection law by failing to use data in a way that is “fair and transparent” especially given that no UK resident actually gave consent to Clearview’s practice of scrapping images over the internet. The company has also failed to give “a lawful reason” for this practice and “failing to have a process in place to stop the data from being retained indefinitely.” The ICO has ordered that all data belonging to UK residents be deleted as well as a ban from collecting further images.
In a similar case in Italy earlier in the year, Clearview was issued an order to delete data and also pay fines under the European Union (EU). A response by Clearview’s CEO Hoan Ton-That read that the company was simply not subject to EU legislation. According to ICO’s response to The Verge, the company has simply failed to comply with its orders. The ICO claims further fines can be issued if this continues. Many wonder if Clearview clearly ignored ICO’s first order, it’s unclear what another order will do.
In a statement by Clearview’s legal representative, Lee Wolosky, “While we appreciate the ICO’s desire to reduce their monetary penalty on Clearview AI, we nevertheless stand by our position that the decision to impose any fine is incorrect as a matter of law. Clearview AI is not subject to the ICO’s jurisdiction, and Clearview AI does no business in the U.K. at this time.” What this means is that, although ICO has issued a fine against Clearview and ordered the company to delete UK data, Clearview claims it has no business or customers in the country. So for now it’s unclear how this order might be enforced as claims are that Clearview doesn’t operate in the country. The ICO enforcement action comes after a joint investigation with the Office of the Australian Information Commissioner. Before now countries like China have greatly expressed deep worries about facial recognition technology.
The ICO has stated that Clearview has 28 days to appeal its ruling, and then 6 months to comply with it. The regulator added that its investigations team “will maintain contact with Clearview to make sure appropriate measures are taken.” When tossed with the question of how the company will be expected to distinguish between data belonging to UK residents and other individuals, the watchdog said “This is a question for Clearview to answer.” The ICO maintains its order to Clearview to delete every data belonging to residents of the UK.