Clearview Faces £17 Million Penalty For Breaching Data Laws

The British data regulator has warned Clearview AI that it faces a fine of at least £17m ($22.5m) over its use of people’s data to power its facial recognition software. The Information Commissioner’s Office (ICO) has issued a provisional notice to stop further processing of the personal data of people in the UK and to delete it following alleged serious breaches of the UK’s data protection laws.

Clearview claims to have the largest known database of facial images, with more than 10 billion images sourced from public-only web sources, including news media, mugshot websites, public social media, and other open sources. 

The company pitches its web-based intelligence platform, powered by facial recognition technology, as a tool that helps law enforcement “generate high-quality investigative leads.”

The ICO is particularly concerned that while the tech firm’s services are no longer being offered in the United Kingdom, and the company has no UK-based customers, evidence suggests it both has and “may be continuing to process significant volumes of UK people’s information without their knowledge.”

“I have significant concerns that personal data was processed in a way that nobody in the UK will have expected,” said Information Commissioner Elizabeth Denham in a statement.

The announcement of the fine and provisional notice follows a joint investigation conducted by the ICO and the Office of the Australian Information Commissioner (OAIC). The ICO and OAIC investigation found that the company failed to comply with UK data protection laws, such as failure to process the information of UK residents in a way that is fair or expected, failure to have a process in place to prevent data from being retained indefinitely, and failure to have a lawful reason for collecting information. 

“The images in Clearview AI Inc’s database are likely to include the data of a substantial number of people from the UK and may have been gathered without people’s knowledge from publicly available information online, including social media platforms,” stated the ICO. 

“UK data protection legislation does not stop the effective use of technology to fight crime, but to enjoy public trust and confidence in their products technology providers must ensure people’s legal protections are respected and complied with,” said the UK’s information commissioner Elizabeth Denham. Clearview have responded to the ICO notice, describing  ICO’s allegations as “factually and legally incorrect.”

ICO:    Law360:     Newsbreak:   Oodaloop:     ComplianceWeek:    Infosecurity Magazine:   Writofly:

You Might Also Read: 

Facebook To Pay $650m For Facial Recognition Lawsuit:

 

« British Spies Must Adapt to Survive
What Is An API, Anyway? »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Directory of Cyber Security Suppliers

Directory of Cyber Security Suppliers

Our Supplier Directory lists 7,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Practice Labs

Practice Labs

Practice Labs is an IT competency hub, where live-lab environments give access to real equipment for hands-on practice of essential cybersecurity skills.

Swivel Secure

Swivel Secure

Swivel Secure is an award winning provider of multi-factor authentication solutions.

Academic Centres of Excellence in Cyber Security Research

Academic Centres of Excellence in Cyber Security Research

The ACE-CSRs scheme is part of the UK Government’s National Cyber Security Strategy, working with academia and industry to make the UK more resilient to cyber attacks.

Foundation Futuristic Technologies (FFT)

Foundation Futuristic Technologies (FFT)

FFT is a global leader in computer forensics and digital investigation solutions.

Phirelight Security Solutions

Phirelight Security Solutions

Phirelight empowers an enterprise to easily understand how their networks behave, while at the same time assessing and managing cyber threats in real time.

Blockchain Slovakia

Blockchain Slovakia

Blockchain Slovakia is a non-profit organization that brings together researchers, developers, entrepreneurs, regulators, investors and the public to support blockchain technology in Slovakia.

Zymbit

Zymbit

Zymbit provides hardware security modules (HSM) for IoT devices, including Raspberry Pi and other single board computers.

ARCON

ARCON

ARCON offers a proprietary unified governance framework, which addresses risk across various technology platforms.

Etonwood

Etonwood

Etonwood specialises in infrastructure and vendor technology recruitment in areas including cloud platforms, cyber security and service management.

SkyePoint Decisions

SkyePoint Decisions

SkyePoint Decisions is a leading Cybersecurity Architecture and Engineering, Critical Infrastructure and Operations, and Applications Development and Maintenance IT service provider.

Spike Reply

Spike Reply

Spike Reply is the company within the Reply Group focusing on cybersecurity and personal data protection.

DartPoints

DartPoints

DartPoints helps bridge the digital divide by delivering cloud, colocation, managed services + edge infrastructure.

risk3sixty

risk3sixty

Risk3sixty are information and cyber risk management craftsmen helping build business-first security and compliance programs.

RiverSafe

RiverSafe

RiverSafe is a professional services provider specialising in Cyber Security, Data Operations and DevOps, putting security at the heart of everything we do.

Huntr

Huntr

Huntr provides a single place for security researchers to submit vulnerabilities, to ensure the security and stability of AI/ML applications.

Fivecast

Fivecast

Fivecast is enabling a safer world. We help organizations around the world explore masses of data to uncover actionable insights.

Creative Network Innovations (CNI)

Creative Network Innovations (CNI)

Creative Network Innovations is a leader in providing advanced IT and cybersecurity solutions.