The UK's Information Commissioner (ICO) has fined Clearview AI £7.5 million for using images of British people in its systems, which were collected from the web and social media.
The controversial Australian firm supplies facial recognition technology to law enforcement agencies around the world and its systems have caused concern as it uses data scraped from publicly available online sources.
A joint investigation between the UK's data regulator and the Office of the Australian Information Commissioner (OAIC) found that Clearview had collected more than 20 billion images from the internet, mostly social media, to create its online database. However, it failed to inform people that their images were being collected or used for this purpose.
The ICO also found that Clearview had breached UK data protection laws by failing to have a lawful reason for collecting the information and for not having a process to stop the data from being "retained indefinitely".
The penalty also came with an enforcement notice ordering Clearview to stop obtaining and using the personal data of UK residents. The company no longer offers its services in the UK, though information for UK residents was still being used in systems sold in other countries, according to the ICO.
RELATED RESOURCE
Recommendations for managing AI risks
Integrate your external AI tool findings into your broader security programs
"The company not only enables identification of those people but effectively monitors their behaviour and offers it as a commercial service," John Edwards, the Information Commissioner said. "That is unacceptable. That is why we have acted to protect people in the UK by both fining the company and issuing an enforcement notice."
Clearview became notorious in 2019 when reports surfaced that it was ordered to cease and desist scraping data from Facebook and Twitter by the companies themselves. The firm is popular with law enforcement, particularly in the US, where its app is used to match uploaded images to its database. Matched images will provide details on the subject and links to where the image was from, such as a social media page.
-
Bigger salaries, more burnout: Is the CISO role in crisis?In-depth CISOs are more stressed than ever before – but why is this and what can be done?
-
Cheap cyber crime kits can be bought on the dark web for less than $25News Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
ICO admits it's too slow dealing with complaints – so it's eying up automation to cut staff workloadsNews The UK's data protection authority has apologized for being slow to respond to data protection complaints, saying it's been overwhelmed by increased workloads.
-
“Limited resources” scupper ICO probe into EasyJet breachNews The decision to drop the probe has been described as “deeply concerning” by security practitioners
-
Surge in workplace monitoring prompts new ICO guidelines on employee privacyNews Detailed guidance on how to implement workplace monitoring could prevent data protection blunders
-
TikTok could be hit with £27m fine for failing to protect children's privacyNews Social media firm issued with a notice from the ICO for potential violations of UK data protection laws
-
What is AdTech and why is it at the heart of a regulation storm?In-depth The UK data regulator has come under heavy fire for consistently delaying much-needed action, privacy groups say
-
ICO crackdown on AI recruitment part of three-year vision to save businesses £100 millionNews ICO25 outlines a fresh approach that involves releasing learning materials, advice, and a new ICO-moderated discussion forum for businesses
-
UK data watchdog cut IT spending by £1.2 million during pandemicNews The ICO’s IT budget has been slashed by around 23% since 2019
-
Data for 120 army recruits found on the dark webNews The website, run jointly with Capita, has been offline since mid-March as MoD assesses the scope of the breach
