A watchdog in France has ordered Clearview AI to delete its database of French faces. The controversial company amassed a database of selfies it scraped from Google and Facebook that it sells to law enforcement for facial recognition.
The Commission nationale de l’informatique et des libertés (CNIL) is an independent French administrative regulatory body that has given ClearView AI formal notice to cease in its “unlawful processing” of faces and says that its actions are a violation of Europe’s General Data Protection Regulation (GDPR), TechCrunch reports.
In an announcement of the filing, CNIL started to receive complaints from citizens about Clearview AI’s facial reconition software in May of 2020 and in response opened an investigation. The following May, the Privacy International association also alerted the CNIL to the practice. Through its investigation, CNIL found that Cleaerview AI breached GDPR twice: 1) for the unlawful processing of personal data (breach of article 6 of the GDPR) because their collection and use of biometric data is carried out without a legal basis and 2) for the lack of satisfactory and effective consideration of the rights of individuals, in particular requests for access to their data (articles 12, 15 and 17 of the GDPR).
CNIL has given Clearview AI two months to comply with the order and if it has not complied in that time, the president of the CNIL will be able to refer the matter to the restricted formation of the CNIL which may pronounce a sanction, which will very likely be a fine of some kind.
TechCrunch notes that because Clearview AI does not have any European base of operations, its business is open to regulatory action from across the European Union (EU). At present, the order from CNIL only applies to France but is likely the first of many from other EU agencies.
Clearview AI’s practices have already been ruled as a breach of privacy rights in Canada, Australia, and the United Kingdom. In the latter, the company is facing possible fines if it does not delete user data as ordered last month.
Clearview AI has been the center of controversy since it was discovered that it had scraped Google and Facebook to bolster its database and power its facial recognition technology. In February of 2020, the company was sent cease and desist letters from both Facebook and Google. In the following weeks, LinkedIn, Twitter, YouTube and others followed suit. In May, multiple complaints were filed against Clearview Ai across Europe.
The company’s CEO Hoan Ton-That has argued that its practice is protected by the First Amendment right to public information.
“We only collect public data from the open internet and comply with all standards of privacy and law,” Ton-That tells TechCrunch. “My intentions and those of my company have always been to help communities and their people to live better, safer lives.”
A Buzzfeed report from April showed widespread use of Clearview AI’s technology by United States law enforcement nationwide.
Image credits: Header photo licensed via Depositphotos.