Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

UK: ICO fines Clearview AI over £7.5M and orders UK data to be deleted

The Information Commissioner's Office ('ICO') announced, on May 23, 2022, its decision to fine Clearview AI Inc. £7,552,800 for using images of people in the UK, and elsewhere, that were collected from the web and social media to create a global online database that could be used for facial recognition, in violation of UK data protection laws, following investigation.

Background to the decision

In particular, the ICO noted that the decision follows the conclusion of the joint investigation of the ICO and the Office of the Australian Information Commissioner ('OAIC') into Clearview AI's use of images, data scraped from the internet, and biometrics for facial recognition, which resulted in the announcement of ICO's provisional intent to fine Clearview AI over £17 million.

Specifically, the ICO highlighted that Clearview AI collected over 20 billion images of individual's faces and data from publicly available information on the internet and social media platforms all over the world to create an online database and that those individuals were not informed of such data collection. The ICO further provided that, although Clearview AI no longer offers its services to UK organisations, the company has customers in other countries, so the company is still using personal data of UK residents.

Findings of the ICO

Notably, the ICO violated UK data protection laws by:

  • failing to use the information of people in the UK in a way that is fair and transparent, given that individuals are not made aware or would not reasonably expect their personal data to be used in this way;
  • failing to have a lawful reason for collecting people's information;
  • failing to have a process in place to stop the data being retained indefinitely;
  • failing to meet the higher data protection standards required for biometric data which is classed as 'special category data' under the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR’) and the UK GDPR; and
  • asking for additional personal information, including photos, when asked by members of the public if they are on their database, which may have acted as a disincentive to individuals who wish to object to their data being collected and used.

Outcomes

As a result, the ICO fined Clearview AI £7,552,800 and ordered the same to stop obtaining and using the personal data of UK residents that is publicly available on the internet, as well as to delete the data of UK residents from its systems.

You can read the press release here.

UPDATE: October 17, 2023

Tribunal overturns ICO enforcement and penalty notices issued against Clearview AI

On October 17, 2023, the First-tier Tribunal (the Tribunal) issued a decision overturning the Information Commissioner's Office (ICO) Enforcement Notice and Monetary Penalty Notice issued to Clearview AI Inc. in May 2022.

The Tribunal held that the ICO did not have jurisdiction to issue the Enforcement Notice and the Monetary Penalty Notice to Clearview AI because although the processing undertaken by Clearview AI was related to the monitoring of data subjects' behavior in the UK, the processing was beyond the material scope of the GDPR and was not relevant processing for the purposes of Article 3 of the UK GDPR.

You can read the decision here.