Clearview Faces £17 Million Penalty For Breaching Data Laws

The British data regulator has warned Clearview AI that it faces a fine of at least £17m ($22.5m) over its use of people’s data to power its facial recognition software. The Information Commissioner’s Office (ICO) has issued a provisional notice to stop further processing of the personal data of people in the UK and to delete it following alleged serious breaches of the UK’s data protection laws.

Clearview claims to have the largest known database of facial images, with more than 10 billion images sourced from public-only web sources, including news media, mugshot websites, public social media, and other open sources. 

The company pitches its web-based intelligence platform, powered by facial recognition technology, as a tool that helps law enforcement “generate high-quality investigative leads.”

The ICO is particularly concerned that while the tech firm’s services are no longer being offered in the United Kingdom, and the company has no UK-based customers, evidence suggests it both has and “may be continuing to process significant volumes of UK people’s information without their knowledge.”

“I have significant concerns that personal data was processed in a way that nobody in the UK will have expected,” said Information Commissioner Elizabeth Denham in a statement.

The announcement of the fine and provisional notice follows a joint investigation conducted by the ICO and the Office of the Australian Information Commissioner (OAIC). The ICO and OAIC investigation found that the company failed to comply with UK data protection laws, such as failure to process the information of UK residents in a way that is fair or expected, failure to have a process in place to prevent data from being retained indefinitely, and failure to have a lawful reason for collecting information. 

“The images in Clearview AI Inc’s database are likely to include the data of a substantial number of people from the UK and may have been gathered without people’s knowledge from publicly available information online, including social media platforms,” stated the ICO. 

“UK data protection legislation does not stop the effective use of technology to fight crime, but to enjoy public trust and confidence in their products technology providers must ensure people’s legal protections are respected and complied with,” said the UK’s information commissioner Elizabeth Denham. Clearview have responded to the ICO notice, describing  ICO’s allegations as “factually and legally incorrect.”

ICO:    Law360:     Newsbreak:   Oodaloop:     ComplianceWeek:    Infosecurity Magazine:   Writofly:

You Might Also Read: 

Facebook To Pay $650m For Facial Recognition Lawsuit:

 

« British Spies Must Adapt to Survive
What Is An API, Anyway? »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

Authentic8

Authentic8

Authentic8 transforms how organizations secure and control the use of the web with Silo, its patented cloud browser.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Clayden Law

Clayden Law

Clayden Law advise global businesses that buy and sell technology products and services. We are experts in information technology, data privacy and cybersecurity law.

National Cyber and Information Security Agency (NUKIB) - Czech Republic

National Cyber and Information Security Agency (NUKIB) - Czech Republic

NUKIB is the central Czech government body for cyber security, the protection of classified information in the area of information and communication systems and cryptographic protection.

Capy

Capy

Capy's SaaS-based security solutions will protect your website from bots, spam, humans and more.

RIT Global Cybersecurity Institute

RIT Global Cybersecurity Institute

At RIT's Global Cybersecurity Institute, we educate and train cybersecurity professionals; develop new cybersecurity and AI-based knowledge for industry, academia, and government.

DeepSeas

DeepSeas

DeepSeas is the result of a merger between Security On-Demand (SOD) and the commercial Managed Threat Services (MTS) business of Booz Allen Hamilton.

Inveteck Global

Inveteck Global

Inveteck Global is a Ghana-based cyber security firm providing strategic guidance and technical solutions to all our clients to best serve their individual needs.

MindWise

MindWise

MindWise is a comprehensive global threat monitoring solution with implementations for fraud prevention and enterprise threat intelligence.

Blackrock Cyber

Blackrock Cyber

Blackrock Cyber consults on critical security decisions, oversees compliance for your payment initiatives, and details cyber security training for your entire organization and board reporting.

Banyax

Banyax

Banyax provides 24×7 real-time Cyber Defense Center Services using the latest technology tools to provide state-of-the-art defense.

AccountabilIT

AccountabilIT

AccountabilIT is a full spectrum information technology services firm for enterprises with complex information technology needs seeking relief from those challenges.

GetHacked.ca

GetHacked.ca

GetHackded.ca is a certified company offering penetration testing and specialized cybersecurity services.

HEROIC Cybersecurity

HEROIC Cybersecurity

HEROIC’s enterprise cybersecurity services help improve overall organizational security with industry best practices and advanced technology solutions.

Deloitte

Deloitte

Deloitte is a multinational professional services firm providing audit, consulting, financial advisory, risk management, tax, and related services to clients.

Corona IT Solutions

Corona IT Solutions

At Corona IT Solutions, our team of specialists in networking, wireless and VoIP are dedicated to providing proactive monitoring and management of your IT systems.

Offensive Security Manager (OSM)

Offensive Security Manager (OSM)

Offensive Security Manager is the ultimate AI software that will enforce offensive security automation, orchestration, coverage, ensure quality, and lets you manage whole process.

DuckDuckGoose

DuckDuckGoose

DuckDuckGoose offer advanced solutions to protect against manipulated videos, images, voices and texts.

Averlon

Averlon

Averlon offers organizations peerless cloud security through Panoptic Cloud Visibility, Predictive Attack Intelligence and Rapid Remediation.