UK privacy regulator ICO plans to fine facial recognition company Clearview AI €20 million for violating UK privacy law. Clearview collected photos from Facebook, LinkedIn and other websites for training a facial recognition system. This system contains a database of ten billion collected images, according to the ICO. This allows police services to identify unknown suspects. More than six hundred American police and investigation services are said to have used Clearview. The British privacy regulator states that the images in Clearview’s database may have been collected from publicly available sources such as social media without people’s knowledge. In addition, Clearview may have violated UK privacy law on several counts. For example, information from UK citizens has not been processed in a reasonable manner, information has been kept indefinitely, there is no lawful reason for collecting the information, data security standards for biometrics as applicable under the GDPR and UK privacy law have not been met, people are not informed about what happens to their data and Clearview asks for additional personal information, including photos, which may deter people who want to delete their data. Clearview will now have the opportunity to respond to the ICO’s intention, after which the regulator will make a final decision.
