Clearview Faces £17 Million Penalty For Breaching Data Laws

The British data regulator has warned Clearview AI that it faces a fine of at least £17m ($22.5m) over its use of people’s data to power its facial recognition software. The Information Commissioner’s Office (ICO) has issued a provisional notice to stop further processing of the personal data of people in the UK and to delete it following alleged serious breaches of the UK’s data protection laws.

Clearview claims to have the largest known database of facial images, with more than 10 billion images sourced from public-only web sources, including news media, mugshot websites, public social media, and other open sources. 

The company pitches its web-based intelligence platform, powered by facial recognition technology, as a tool that helps law enforcement “generate high-quality investigative leads.”

The ICO is particularly concerned that while the tech firm’s services are no longer being offered in the United Kingdom, and the company has no UK-based customers, evidence suggests it both has and “may be continuing to process significant volumes of UK people’s information without their knowledge.”

“I have significant concerns that personal data was processed in a way that nobody in the UK will have expected,” said Information Commissioner Elizabeth Denham in a statement.

The announcement of the fine and provisional notice follows a joint investigation conducted by the ICO and the Office of the Australian Information Commissioner (OAIC). The ICO and OAIC investigation found that the company failed to comply with UK data protection laws, such as failure to process the information of UK residents in a way that is fair or expected, failure to have a process in place to prevent data from being retained indefinitely, and failure to have a lawful reason for collecting information. 

“The images in Clearview AI Inc’s database are likely to include the data of a substantial number of people from the UK and may have been gathered without people’s knowledge from publicly available information online, including social media platforms,” stated the ICO. 

“UK data protection legislation does not stop the effective use of technology to fight crime, but to enjoy public trust and confidence in their products technology providers must ensure people’s legal protections are respected and complied with,” said the UK’s information commissioner Elizabeth Denham. Clearview have responded to the ICO notice, describing  ICO’s allegations as “factually and legally incorrect.”

ICO:    Law360:     Newsbreak:   Oodaloop:     ComplianceWeek:    Infosecurity Magazine:   Writofly:

You Might Also Read: 

Facebook To Pay $650m For Facial Recognition Lawsuit:

 

« British Spies Must Adapt to Survive
What Is An API, Anyway? »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

FT Cyber Resilience Summit: Europe

FT Cyber Resilience Summit: Europe

27 November 2024 | In-Person & Digital | 22 Bishopsgate, London. Business leaders, Innovators & Experts address evolving cybersecurity risks.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

XYPRO Technology

XYPRO Technology

XYPRO is the market leader in HPE Non-Stop Security, Risk Management and Compliance.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

Arxan Technologies

Arxan Technologies

Arxan is a leader of application attack-prevention and self-protection products for Internet of Things (IoT), Mobile, Desktop, and other applications.

Golden Frog

Golden Frog

Golden Frog is a Virtual Private Network services provider offering secure encrypted access to the internet.

totemo

totemo

Totemo offers solutions for the secure exchange of business information.

National Digital Exploitation Centre (NDEC) - United Kingdom

National Digital Exploitation Centre (NDEC) - United Kingdom

NDEC is a project to create a centre of cyber and digital development and education for the UK. It will offer training in digital practices, cyber security and research.

Navarino

Navarino

Navarino is the maritime industry’s most advanced communications and connectivity company. We develop advanced technologies and innovative IT solutions including cyber security.

Matrix42

Matrix42

Matrix42 software for digital workspace experience manages devices, applications, processes and services simple, secure and compliant.

Dell Technologies

Dell Technologies

Dell Technologies Consulting Services enables a highly resilient business amidst the proliferation of cloud-based IT services and constant threats to your most critical information.

SEEK

SEEK

SEEK create world-class technology solutions to address the needs of job seekers and hirers across multiple sectors including cybersecurity.

SixThirty CYBER

SixThirty CYBER

SixThirty is a venture fund that invests in early-stage enterprise technology companies from around the world building FinTech, InsurTech, and Cybersecurity solutions.

CUJO AI

CUJO AI

CUJO AI is the global leader in the development and application of artificial intelligence to improve the security, control and privacy of connected devices in homes and businesses.

Space ISAC

Space ISAC

Space ISAC is the only all-threats security information source for the public and private space sector.

Intrepid Solutions and Services

Intrepid Solutions and Services

Intrepid Solutions and Services provides technology solutions and professional services to key components of the intelligence and national security communities.

US Digital Corps

US Digital Corps

The U.S. Digital Corps is a new two-year fellowship for early-career technologists where you will work every day to make a difference in critical impact areas including cybersecurity.

Kalima Systems

Kalima Systems

Kalima’s mission is to securely collect, transport, store and share Industrial IoT (IIoT) trusted data in real time with devices, services and mobile workers.

Infinipoint

Infinipoint

Infinipoint pioneers the first Device-Identity-as-a-Service (DIaaS) solution, addressing Zero Trust device access and enabling enterprises of all sizes to automate cyber hygiene.

Fireblocks

Fireblocks

Fireblocks is a digital asset security platform that helps financial institutions protect digital assets from theft or hackers.