An 'illegal surveillance' lawsuit was filed against the tech firm Clearview AI, which created a controversial facial recognition technology. Therefore, the company has been accused of conducting “mass surveillance’’ in multiple countries.
A Canadian criminal investigation found that the New York-based company violated the personal data protection law.
Daniel Therrien, the Privacy Commissioner of Canada stated ‘’What Clearview does is mass surveillance, and it is illegal. It is an affront to individuals’ privacy rights and inflicts broad-based harm on all members of society, who find themselves continually in a police line-up. This is completely unacceptable.’’
The investigation indicated that Clearview AI set up a database of over three billion images of faces. A large number of Canadians were also in the database. The Royal Canadian Mounted Police (RCMP) had access to these images and confirmed that they had used this technique to search for certain individuals in their investigations.
Clearview’s attorney, Doug Mitchell, stated that the company no longer operates in Canada. In addition, he mentioned that the collected data can be usable in some investigations.
The tech firm stated that its activities did no harm to individuals. It declined to comply with the Canadian government’s request to end the data collection and delete the images.
More complaints filled in the EU
Similarly, security researcher Matthias Marx filed a complaint with the German regulators (Bundesbeauftragte für Datenschutz und Informationsfreiheit – ‘BfDI’). He raised questions about the use of personal data without consent. “The regulator concluded that Clearview had acted illegally by failing to obtain Marx’s consent before processing his biometric information.’’
Also, in France, the CNIL (Commission Nationale de l'informatique et des Libertés) received another complaint by Zoé Vilain, the VP at Jumbo Privacy. Ms. Vilain found that she was also in the Clearview’s facial recognition database.
Several months of discussions and emails followed. Ms. Vilain asked the company for details about the data collected. In return, Clearview sent three photos of Ms. Vilain back to her. She claims that ‘’ One photo was of an entirely unrelated person.”
Last year the British and Australian regulators also announced the opening of similar investigations.
According to Alan Dahi from NOYB, the Austrian non-profit organization for digital rights, Clearview AI’s process violates the General Data Protection Regulation (GDPR). ‘’Europeans are having their photos harvested for a purpose they never intended or even contemplated.’’
Clearview AI accused in the US by ACLU
Likewise, in the United States, the American Civil Liberties Union (ACLU) sued the company for violating Illinois’ Biometric Information Privacy Act (BIPA). “We’re not suing them for taking or using photographs from the internet.” “What we’re complaining about is that they take the photographs and, using their own proprietary algorithm, turn them into face templates that are unique measurements of a person’s facial characteristics and can be used to match faces’’, said ACLU’s Glenberg.
In light of this, privacy rights are a growing concern internationally. It is significantly important that all businesses big and small understand their obligations and comply with regulatory requirements.
How Sovy can help?
Sovy can help you get compliant and stay compliant using the best online tools. We help you walk through a data mapping exercise to build your data inventory. With us you can easily build all policies you need under GDPR. Also, Sovy Academy has a wide range of industry-standard eLearning courses.
Additionally, we can help you maintain your compliance program in the cloud or manage cookie requirements.
We also offer advisory services in compliance, governance risk, adverse event and remediation. Get in touch with us for more information.