Facial recognition firm Clearview AI has been fined £7.5 million and ordered to delete personal data belonging to UK residents, however it has previously resisted similar orders from other countries.
The Information Commissioner’s Office (ICO) issued an enforcement notice against the US-based firm after a joint investigation with the Office of the Australian Information Commissioner (OAIC) found that biometric data scraped from the internet was being sold to customers.
Clearview AI collected more than 20 billion images of people’s faces from the web and social media, according to the ICO, allowing it to create a global online database that law enforcement agencies and other organisations could access.
“The company not only enables identification of those people, but effectively monitors their behaviour and offers it as a commercial service. This is unacceptable,” John Edwards, the UK Information Commissioner, said in a statement.
“People expect that their personal information will be respected, regardless of where in the world their data is being used. That is why global companies need international enforcement.”
The investigation concluded that Clearview AI had breached various UK data protection laws, giving it the power to impose a fine of either £17m or 4 per cent of global turnover.
The contraventions reportedly included failing to use the information of people in the UK in a way that is fair and transparent, failing to have a lawful reason for colecting people’s information, and failing to have a policy in place to stop the data being retained indefinitely.
UK organisations no longer have access to Clearview AI’s services, however customers in orhter countries still have access to the personal data gathered of UK residents.
The Independent has contacted Clearview AI for comment on the investigation and ruling.
ClearviewAI has previously been ordered to delete national data in Australia, France and Italy, however CEO Hoan Ton-That argued that GDPR legislation did not apply if it did not have business or customers in the country issuing the order.
“Clearview AI does not have a place of business in Italy or the EU, it does not have any customers in Italy or the EU, and does not undertake any activities that would otherwise mean it is subject to the GDPR,” Mr Ton-That told TechCrunch earlier this year.
“We only collect public data from the open internet and comply with all standards of privacy and law. I am heartbroken by the misinterpretation by some in Italy, where we do no business, of Clearview AI’s technology to society. My intentions and those of my company have always been to help communities and their people to live better, safer lives.”