The tech firm Clearview AI, which created a controversial facial recognition technology, is accused of conducting “mass surveillance’’ in multiple countries.
A Canadian criminal investigation found that the New York-based company violated the personal data protection law.
Daniel Therrien, the Privacy Commissioner of Canada stated ‘’What Clearview does is mass surveillance, and it is illegal. It is an affront to individuals’ privacy rights and inflicts broad-based harm on all members of society, who find themselves continually in a police line-up. This is completely unacceptable.’’
The investigation indicated that Clearview AI set up a database of over three billion images of faces, including a large number of Canadians. The Royal Canadian Mounted Police (RCMP) had access to these images and confirmed that they had used this technique to search for certain individuals in their investigations.
Clearview’s attorney, Doug Mitchell, stated that the company no longer operates in Canada and that the collected data can be usable in some investigations. The company has also stated that its activities did no harm to individuals and declined to comply with the Canadian government’s request to end the data collection and delete the images.
Similarly, security researcher Matthias Marx filed a complaint with the German regulators (Bundesbeauftragte für Datenschutz und Informationsfreiheit – ‘BfDI’) that raised questions about the use of personal data without consent. “The regulator concluded that Clearview had acted illegally by failing to obtain Marx’s consent before processing his biometric information.’’
In France, another complaint was filed with the CNIL (Commission Nationale de l’informatique et des Libertés), in July 2020, by Zoé Vilain, the Privacy & Strategy Officer and VP at Jumbo Privacy. Ms. Vilain found that she was also included in the Clearview’s facial recognition database.
After four months of discussions and emails, in which Ms. Vilain asked the company for details about the data collected, Clearview sent three photos of Ms. Vilain back to her. She claims that ‘’ One photo was of an entirely unrelated person.”
Additionally, last year British and Australian regulators also announced the opening of similar investigations.
According to Alan Dahi from NOYB, the Austrian non-profit organization for digital rights, Clearview AI’s process violates the General Data Protection Regulation (GDPR), stating ‘’Europeans are having their photos harvested for a purpose they never intended or even contemplated.’’
In the United States, the American Civil Liberties Union (ACLU) sued the company as well, for violating Illinois’ Biometric Information Privacy Act (BIPA). “We’re not suing them for taking or using photographs from the internet.” “What we’re complaining about is that they take the photographs and, using their own proprietary algorithm, turn them into face templates that are unique measurements of a person’s facial characteristics and can be used to match faces’’, said ACLU’s Glenberg.
Privacy rights are a growing concern internationally, it is important that all businesses big and small understand their obligations and comply with regulatory requirements.
Sovy can help you get compliant and stay compliant using our on-line tools, including:
- Walk-through a data mapping exercise and build your data inventory.
- Train your employees with industry-standard eLearning courses.
- Maintain your compliance program in the cloud
- Manage cookie consent and data rights
We also offer advisory services in compliance, governance risk, adverse event and remediation.