NEWS30 November 2021

Facial recognition company fined by ICO

News Privacy UK

UK – The Information Commissioner’s Office (ICO) is to impose a potential fine of just over £17m on Clearview AI, a company that describes itself as the “world’s largest facial network”.

Data protection

In addition, the ICO has issued a provisional notice to stop further processing of the personal data of UK residents and to delete it following alleged serious breaches of the country’s data protection laws.

The announcement follows a joint investigation by the ICO and the Office of the Australian Information Commissioner (OAIC), which focused on Clearview’s use of images, data scraped from the internet and biometrics for facial recognition.

The images in Clearview’s database are likely to include the data of a substantial number of people from the UK and may have been gathered without people’s knowledge from publicly available information online, including social media platforms, according to a statement from the ICO.

The UK body’s preliminary view is that Clearview appears to have failed to comply with UK data protection laws in several ways, including by not processing the information in a way people are likely to expect or that is fair; not having a process in place to stop the data being retained indefinitely; failing to have a lawful reason for collecting the information; not meeting the higher data protection standards required for biometric data; and not informing people about what was happening to their data.

Clearview now has the opportunity to make representations in respect of these alleged breaches and a final decision will be made by mid-2022.

The ICO’s announcement follows the conclusion of the OAIC’s investigation earlier this month that found Clearview to be in breach of Australian privacy laws.

Announcing today’s provisional decision, UK information commissioner Elizabeth Denham said: “I have significant concerns that personal data was processed in a way that nobody in the UK will have expected. It is therefore only right that the ICO alerts people to the scale of this potential breach and the proposed action we’re taking.

“To enjoy public trust and confidence in their products, technology providers must ensure people’s legal protections are respected and complied with. We, therefore, want to assure the UK public that we are considering these alleged breaches and taking them very seriously.”