Clearview AI is a New York-based company that has developed facial recognition technology powered by publicly available data on the web, including social media such as Facebook, Instagram, LinkedIn and other online sources. There data collection it took the form of a massive web scraping activity which therefore involved an incalculable number of people, without explicit authorization from them.
For this reason, the Europen Privacy Guarantor, as well as other authorities dealing with protection of personal dataimposed a fine of 20 million euros on Clearview AI, also ordering the company to delete data relating to people located in Europe and prohibiting its further collection and processing through the facial recognition system.
However, there is something new that is significant. Answering a question posed by the journalist and writer Kashmir HillClearview AI’s lawyers responded as follows: “Clearview AI is not required to handle requests from individuals resident in the European Union. At one point Clearview AI voluntarily handled data access and deletion requests from European Union residents; Now he’s not doing it anymore“. The quotation mark, published on X by Hill himselfseems to sound like a declaration of war against European authorities for the protection of personal data. For our part, we contacted Clearview AI via email asking whether or not to confirm the statement: we have not received a response at the moment.
Clearview AI victory in the UK
Clearview AI’s alleged stance goes hand in hand with the court victory just obtained in the United Kingdom. The British judges ruled on appeal that the UK Data Protection Authority did not jurisdiction on the ways in which foreign agencies responsible for enforcing the laws in force possibly use the data of citizens from across the Channel.
Clearview AI has in fact offered and provides its services identity recognition starting from a face to various US public bodies. These agencies used Clearview AI’s app for identify people based on facial images and to conduct investigations.
According to what has been established, Clearview will not have to pay the fine of approximately 8.6 million euros decided by the British Privacy Guarantor. And, at this point, it is likely that the company will rely on the same defensive strategy to address the other causes.
On the other hand, in addition to the United Kingdom and Europe, countries such as France and Greece had also established fines of 20 million euros each. Not to mention the similar decisions of Canada and Australia. Taken together, the fines pose a significant threat to Clearview AI’s continued business.
In Europe understood as a continent, Clearview AI has underlined its role of (free) support to the Ukrainian authorities to allow them to recognize people for security purposes starting from biometric facial features. The moral is that as long as a company with its head office outside the borders of the Union does not do business in Europe, it seems to be able to effectively escape the stringent requirements contained in the GDPR (General Data Protection Regulation).
Opening image credit: iStock.com/govendemir