Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

UK: ICO announces provisional intent to fine Clearview AI over £17 million

The Information Commissioner's Office ('ICO') announced, on 29 November 2021, its provisional intent to impose a potential fine of just over £17 million on Clearview AI, Inc., as well as having issued a provisional notice to stop further processing of the personal data of people in the UK and to delete it following alleged serious breaches of the UK's data protection laws.

Background to the announcement

In particular, the announcement follows a joint investigation by the ICO and the Office of the Australian Information Commissioner ('OAIC') focusing on Clearview AI's use of images, data scraped from the internet, and the use of biometrics for facial recognition, and OAIC's conclusion of its investigation which found Clearview AI in breach of Australian privacy laws. In addition, the announcement notes, among other things, the possibility for customers to provide an image to the company to carry out biometric searches, including facial recognition searches, on their behalf to identify relevant facial image results against a database of over 10 billion images, highlighting that the images included in Clearview AI's database may have been gathered without people's knowledge.

Findings of the ICO

The ICO's preliminary view is that Clearview AI appears to have failed to comply with UK data protection laws in several ways including by:

  • failing to process the information of people in the UK in a way they are likely to expect or that is fair;
  • failing to have a process in place to stop the data being retained indefinitely;
  • failing to have a lawful reason for collecting the information;
  • failing to meet the higher data protection standards required for biometric data which is classed as special category data under the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR') and the UK GDPR;
  • failing to inform people in the UK about what is happening to their data; and
  • asking for additional personal information, including photos, which may have acted as a disincentive to individuals who wish to object to their data being processed.

Outcomes

As a result of the above, the ICO issued its provisional intent to impose a potential fine of just over £17 million on Clearview AI and a provisional notice to stop further processing and delete the personal data of people in the UK.

Finally, the announcement notes that Clearview AI can make representations in respect of the above alleged breaches and that a final decision is expected to be made by mid-2022.

You can read the announcement here.