UK privacy commissioner fines Clearview AI £17M for breaching data protection laws
madartzgraphics / Pixabay
UK privacy commissioner fines Clearview AI £17M for breaching data protection laws

The UK’s Information Commissioner’s Office (ICO) Monday disclosed its decision to impose a penalty of over £17 million on Clearview AI for breaching UK data protection laws.

The ICO conducted a joint investigation with the Office of the Australian Information Commissioner (OAIC) to determine how Clearview AI has been using images data scraped from the internet and biometrics for facial recognition. Customers can voluntarily provide an image to the company to carry out biometric searches. This includes facial recognition searches to identify relevant facial image results against a database of over 10 billion images. However, the UK government was concerned that data was collected by the company without people’s consent from publicly available information online, including social media platforms.

The joint investigation report indicated that the company fails to comply with the UK data protection laws by not processing or collecting data in a fair and lawful manner. Clearview AI was also reportedly unable to meet the threshold for biometric data, which is classed as “special category data” under the General Data Protection Regulation.

Further, the company reportedly failed to provide adequate information to people on how is the data is utilized. The company allegedly demanded that people share additional personal information, including photos, which may have acted as a disincentive to individuals who wished to object to their data being processed.

The joint investigation was conducted in accordance with the Australian Privacy Act and the UK Data Protection Act 2018. Both countries signed the Global Privacy Assembly’s Global Cross Border Enforcement Cooperation Arrangement and Memorandum of Understanding (MOU) to conduct this research.

The company has been provided the opportunity to make representations in respect of these alleged breaches set out in the Commissioner’s Notice of Intent and Preliminary Enforcement Notice. The case made out by the company will be examined thoroughly before the ICO declares its final decision.

After the final decision itself, the penalty will be imposed on the company. The final decision is expected to be announced by mid-2022.