UK privacy commissioner gives a £17m fine to Clearview AI for breaching data protection laws
On Monday, the Information Commissioner’s Office (ICO) made public its decision to penalise Clearview AI over £17m for breaking the UK’s data protection laws.
ICO was working together with the Office of the Australian Information Commissioner (OAIC), investigating how Clearview AI has scraped image data and biometrics from across the internet to be used in its signature facial recognition software. Their customers then provide an image to Clearview, which uses its database of over 10 billion images to conduct biometric and facial identification searches. With the General Data Protection Regulation (GDPR) in line with UK data protection laws, the government was troubled that Clearview’s scraping of social media platforms was gathering data without proper consent.
The report signalled that the organisation is not in adherence with UK data protection laws due to not processing or collecting data in a fair and lawful manner. Under GDPR, biometric data is classified as “special category data” – a level that Clearview AI was allegedly unable to meet.
Perhaps more importantly, the organisation reportedly could not give sufficient information to people on how their data is used. There were allegations that Clearview demanded that individuals share extra personal data, such as photos – a potential deterrent to people who object to their information being processed.
The UK Data Protection Act 2018 and the Australian Privacy Act formed the basis of the joint investigation. Both countries signed the Global Privacy Assembly’s Global Cross Border Enforcement Cooperation Arrangement and Memorandum of Understanding (MOU) in order to carry out the research.
The company has been provided the opportunity to make representations in respect of these alleged breaches set out in the Commissioner’s Notice of Intent and Preliminary Enforcement Notice. The case made out by the company will be examined thoroughly before the ICO declares its final decision.
After the final decision itself, the penalty will be imposed on the company. The final decision is expected to be announced by mid-2022.
Credence has ISO 9001 and 27001 certification and is regularly audited on security, with robustly enforced policies to keep your data secure. Don’t make the same mistake as Clearview AI.