Facial recognition technology firm Clearview AI has been fined more than £7.5 million and ordered to delete all data gathered from people in the UK after an investigation into its practices.
The firm has collected billions of images of people’s faces and data from publicly available information on the internet, including social media platforms, for use in facial recognition services.
Alongside the fine and data deletion order, the Information Commissioner’s Office (ICO) said it had also issued an enforcement notice against the company, ordering it to stop obtaining and using the personal data of UK residents that is publicly available on the internet.
NEW: We’ve fined Clearview AI Inc more than £7.5m for using images of people in the UK, and elsewhere, that were collected from the web and social media to create a global online database that could be used for facial recognition.Read our press release: https://t.co/VCnmjjcM8D pic.twitter.com/88mO1mUjmq
— ICO – Information Commissioner's Office (@ICOnews) May 23, 2022
The ICO said Clearview had built its database of more than 20 billion images without informing people or gaining their consent for images to be collected or used in this way.
In total, Clearview has been fined £7,552,800.
The regulator said Clearview provides a service that allows its customers – including police forces around the world – to upload an image of a person to the company’s app and check it for a match against all photos in the database.
The fine and enforcement order comes after a joint investigation with the ICO’s Australian counterpart.
Information Commissioner John Edwards said: “Clearview AI Inc has collected multiple images of people all over the world, including in the UK, from a variety of websites and social media platforms, creating a database with more than 20 billion images.
“The company not only enables identification of those people, but effectively monitors their behaviour and offers it as a commercial service. That is unacceptable.
“That is why we have acted to protect people in the UK by both fining the company and issuing an enforcement notice.
“People expect that their personal information will be respected, regardless of where in the world their data is being used. That is why global companies need international enforcement.
“Working with colleagues around the world helped us take this action and protect people from such intrusive activity.
“This international co-operation is essential to protect people’s privacy rights in 2022.
“That means working with regulators in other countries, as we did in this case with our Australian colleagues.
“And it means working with regulators in Europe, which is why I am meeting them in Brussels this week so we can collaborate to tackle global privacy harms.”