Controversial facial recognition company Clearview AI has been ordered to remove all data on UK residents by the country’s privacy watchdog, the Information Commissioner’s Office (ICO). The ICO also fined Clearview £7.5 million ($9.4 million) for failing to comply with UK data protection laws.
It is the fourth time Clearview has been ordered to delete national data in this way, following similar orders and fines issued in Australia, France and Italy.
Clearview claims its facial recognition database contains some 20 billion images scraped from public sources such as Facebook and Instagram. It previously sold its software to a range of private users and companies, but recently agreed to restrict its sales to federal agencies and law enforcement agencies in the US following a lawsuit filed by the American Civil Liberties Union (ACLU).
In the UK, Clearview AI’s services have been used in the past by law enforcement officers, including the Metropolitan Police, the Ministry of Defense and the National Crime Agency. ICO says the company “no longer offers its services to UK organizations”, but notes that the data it has collected from UK residents can still be used by customers in other countries.
In a press statement, UK information commissioner John Edwards said Clearview had likely gathered a lot of information about UK residents. “The company not only enables identification of those people, but effectively monitors their behavior and offers it as a commercial service. That is unacceptable,” said Edwards. “That is why we have acted to protect people in the UK by both fining the company and issuing an enforcement order.”
The ICO said Clearview has violated several principles of UK data protection law, including not using data in a manner that is “fair and transparent” (as residents’ images were scraped without their knowledge or consent), “lack of an lawful reason for collecting information from people” and “not having a process to prevent the data from being kept indefinitely”.
While ICO has fined Clearview and ordered the company to remove UK data, it is unclear how this could be enforced if Clearview has no business or customers in the country to impose sanctions. In response to a similar removal order and fine issued in Italy under EU law earlier this year, Clearview CEO Hoan Ton-That replied that the US-based company was simply not subject to EU law. We have reached out to both the ICO and Clearview for clarification on these points.