Clearview AI has been fined £7.5m by the Information Commissioner’s Office (ICO) for illegally collecting UK individuals’ facial recognition data and failing to comply with the UK’s data protection laws. The facial recognition firm has also been ordered to erase all data belonging to UK residents by the country’s privacy watchdog, the ICO.
Following similar orders and fines made in Australia, France, and Italy, Clearview—now for the fourth time—has been ordered to remove national data.
Clearview AI claims to have 20 billion photos taken from public sources, including Facebook and Instagram, in its facial recognition database. It formerly sold its software to a wide range of private users and corporations but has recently agreed to limit its sales in the United States to government agencies and police departments in response to a lawsuit brought by the American Civil Liberties Union (ACLU).
Clearview AI’s services have previously been utilised by law enforcement customers such as the Metropolitan Police, Ministry of Defence, and National Crime Agency in the United Kingdom. According to the ICO, the firm “no longer offers its services to UK organisations,” although it notes that the information it has gathered from UK citizens can still be used by clients in other countries.
The UK’s Information Commissioner, John Edwards, said in a press statement that Clearview had undoubtedly gathered a lot of data on UK citizens. He goes on to say that the company not only identifies those individuals but also successfully monitors their behaviour and sells it as a commercial service. “That is not acceptable,” Edwards stated. “That is why we have acted to protect people in the UK by both fining the company and issuing an enforcement notice.”
Clearview violated many aspects of UK data protection law, according to the ICO, including failing to use data in a “fair and transparent” manner, “failing to have a lawful reason for collecting people’s information,” and “failing to have a process in place to stop the data being retained indefinitely.”
Although the ICO has fined Clearview and ordered the company to remove UK data, it is unclear how this would be implemented given that Clearview has no business or clients in the nation. Clearview’s CEO, Hoan Ton-That, replied to a similar deletion order and penalties issued in Italy under EU law earlier this year by saying that the US-based Corporation was simply not subject to EU regulations.