Clearview AI Fined in UK for illegally Storing Facial Images

upnorth

Level 68
Thread author
Verified
Top Poster
Malware Hunter
Well-known
Jul 27, 2015
5,458
Facial recognition company Clearview AI has been fined more than £7.5m by the UK's privacy watchdog and told to delete the data of UK residents.

The company gathers images from the internet to create a global facial recognition database. The Information Commissioner's Office (ICO) says that breaches UK data protection laws. It has ordered the firm to stop obtaining and using the personal data of UK residents. Clearview AI chief executive Hoan Ton-That said: "I am deeply disappointed that the UK Information Commissioner has misinterpreted my technology and intentions. "We collect only public data from the open internet and comply with all standards of privacy and law. "I am disheartened by the misinterpretation of Clearview AI's technology to society."
Clearview AI takes publicly posted pictures from Facebook, Instagram and other sources, usually without the knowledge of the platform or any permission. John Edwards, UK information commissioner, said: "The company not only enables identification of those people, but effectively monitors their behaviour and offers it as a commercial service. That is unacceptable." Mr Edwards continued: "People expect that their personal information will be respected, regardless of where in the world their data is being used." The ICO said Clearview AI Inc no longer offered its services to UK organisations but, because the company had customers in other countries, it was still using personal data of UK residents. In November 2021, the ICO said the company was facing a fine of up to £17m - almost £10m more than it has now ordered it to pay.

The UK has become the fourth country to take enforcement action against the firm, following France, Italy and Australia.

Scroll down for more in " Similar threads ".
 

upnorth

Level 68
Thread author
Verified
Top Poster
Malware Hunter
Well-known
Jul 27, 2015
5,458
The Clearview AI saga continues!

If you haven’t heard of this company before, here’s a very clear and concise recap from the French privacy regulator, CNIL (Commission Nationale de l’Informatique et des Libertés), which has very handily been publishing its findings and rulings in this long-running story in both French and English:
Clearview AI collects photographs from many websites, including social media. It collects all the photographs that are directly accessible on these networks (i.e. that can be viewed without logging in to an account). Images are also extracted from videos available online on all platforms. Thus, the company has collected over 20 billion images worldwide. Thanks to this collection, the company markets access to its image database in the form of a search engine in which a person can be searched using a photograph. The company offers this service to law enforcement authorities in order to identify perpetrators or victims of crime.

Facial recognition technology is used to query the search engine and find a person based on their photograph. In order to do so, the company builds a “biometric template”, i.e. a digital representation of a person’s physical characteristics (the face in this case). These biometric data are particularly sensitive, especially because they are linked to our physical identity (what we are) and enable us to identify ourselves in a unique way. The vast majority of people whose images are collected into the search engine are unaware of this feature.
We may be about to find how the company will be policed in the future, with CNIL losing patience with Clearview AI for not comlying with its ruling to stop collecting the biometric data of French people…and announcing a fine of €20,000,000
 

upnorth

Level 68
Thread author
Verified
Top Poster
Malware Hunter
Well-known
Jul 27, 2015
5,458
Apparently, Clearview has still made no effort to comply with the French regulator’s ruling, and the regulator has yet again decided it has had enough.

Last week, CNIL invoked a “thou shalt not ignore us this time” clause in its previous settlement, allowing for fines of up to €100,000 for every day that the company refused to comply, stating that: CLEARVIEW AI had two months to comply with the order and justify compliance to the CNIL. However, the company did not send any proof of compliance within this time limit. On 13 April 2023, [CNIL] considered that the company had not complied with the order and consequently imposed an overdue penalty payment of €5,200,000.
 

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top