The Information Commissioner’s Office (ICO) has fined facial recognition database Clearview AI £7.5 million for using images of people in the UK that were collected from the web and social media.
The company collects images from the internet to build up a global online database which could be used for facial recognition.
The data regulator has also ordered the business to stop collecting and using the publicly available personal data of UK residents and to delete the data British citizens from its systems.
According to the ICO, to date Clearview AI has collected over 20 billion images of people’s faces and publicly available data from social media platforms and the wider internet.
It says that people are not informed that their images are collected or used in this way.
The move follows an ICO investigation, in collaboration with the Office of the Australian Information Commissioner (OAIC), which focused on the database’s use of people’s images, data scraping from the internet, and the use of biometric data for facial recognition.
The ICO found that the company had breached UK data protection law by “failing to use the information of people in the UK in a way that is fair and transparent”, because people are unaware that their personal data is being used by the software company.
It said that the US business had broken the law by failing to have a legitimate reason for collecting people’s information, while lacking processes to stop the data being retained indefinitely.
Clearview has also failed to meet GDPR higher data protection standards for biometric data, the regulator said.
The ICO claimed that Clearview has asked for additional personal information, including photos, when asked by members of the public if they are on their database. It says that this could have acted as a “disincentive to individuals who wish to object to their data being collected and used”.
“Clearview AI Inc has collected multiple images of people all over the world, including in the UK, from a variety of websites and social media platforms, creating a database with more than 20 billion images,” said John Edwards, UK information commissioner. “The company not only enables identification of those people, but effectively monitors their behaviour and offers it as a commercial service. That is unacceptable.
“That is why we have acted to protect people in the UK by both fining the company and issuing an enforcement notice.”
Clearview’s service works by enabling customers – including the police – to upload an image of a person to the company’s app, which is then checked for a match against all the images in the database.
The platform then identifies images that have similar characteristics with the photo provided by the customer, with a link to the websites from where those images came from.
While the company has stopped offering its platform to UK-based businesses, it is still using personal data of UK citizens, said the ICO.
Recent Stories