UK data authority fines Clearview AI more than £7.5m, orders UK data deleted
The U.K. government announced Monday a fine of more than £7.5 million against facial recognition company Clearview AI and ordered it to stop collecting information about U.K. residents and to delete what it already has in its database.
“The company not only enables identification of those people, but effectively monitors their behaviour and offers it as a commercial service. That is unacceptable,” said U.K. Information Commissioner John Edwards in a press release. Clearview, which identifies people based on biometric faceprints derived from images collected online, has amassed a database of more than 20 billion images, according to the agency.
The moves by the Information Commissioner’s Office (ICO) follow a joint investigation by the agency and the Office of the Australian Information Commissioner that launched in July of 2020 and was completed last November. A provisional notice from ICO to Clearview that month warned the company to stop processing and delete U.K. resident data—as well as suggesting a substantially larger £17 million fine.
In an emailed press statement, Clearview founder and chief executive Hoan Ton-That said he was “deeply disappointed” that the U.K. data authority “misinterpreted” his company’s technology and intentions.
“I would welcome the opportunity to engage in conversation with leaders and lawmakers so the true value of this technology which has proven so essential to law enforcement can continue to make communities safe,” he said.
The privacy implications of Clearview’s business practices came under increased scrutiny following a January 2020 investigation by Kashmir Hill at the New York Times. Earlier this month, the company agreed to a settlement in a lawsuit brought by the American Civil Liberties Union and others that would largely prohibit sale of services to private companies and people in the United States, we well as to law enforcement in Illinois over the next five years.
In a prior interview with The Record, Clearview Ton-That said the proposed settlement, which is based on Illinois’ 2008 Biometric Information Privacy Act or BIPA, “doesn’t change anything” the company is “doing on a material level” because Clearview could continue to sell to government clients elsewhere.
However, Clearview is increasingly facing pressure from national privacy regulators to remove data from its systems — including Australia and Canada, which both ordered the company to delete information on residents last year.
“People expect that their personal information will be respected, regardless of where in the world their data is being used. That is why global companies need international enforcement,” Edwards said, adding he would be meeting with European regulators in Brussels later this week to “collaborate to tackle global privacy harms.”
This story has been updated to include comment from Clearview AI received after publication.
Andrea Peterson (they/them) is a longtime cybersecurity journalist who cut their teeth covering technology policy at ThinkProgress (RIP) and The Washington Post before doing deep-dive public records investigations at the Project on Government Oversight and American Oversight.