It has been reported that a Clearview AI fine in the sum of £17m is being considered by the Information Commissioner’s Office (ICO) over allegations that serious data breaches have occurred.
The issue is about the collection of public images and how they have been used by the company as part of facial recognition technology that it offers. The ICO has suggested that the processing of the public information may not be as expected by data subjects, and it may be deemed as unfair. The company disputes that they have done anything wrong and has pointed out that the images they use are already available in the public domain.
This could be a substantial fine if it is issued, and the question over whether the data processing of the information in question was lawful or not could be a contentious one.
About the potential Clearview AI fine
It has been reported in the media that the Clearview AI fine could be in the sum of a massive £17m after the US-based firm was reportedly found to have committed serious breaches of the GDPR by the ICO.
It is understood that the company has collected images of people from social media sites like Facebook and then applied facial recognition technology to its stock of photos. They reportedly have over 10 billion images that they have gathered from online, and it is assumed that there will be a large number of people who are based in the UK.
According to The Guardian, the alleged breach arises from what has been described as a failure to process information for people in the UK in a way that was to be expected or in a fair way. It has also been reported that the company did not have adequate processes in respect of the retention of information collected, and that it may not have had a legal reason to collect the information that it has done.
Clearview AI has reportedly rebutted the allegations so far, stating that the findings made by the regulator are “factually and legally incorrect”. It is understood that an appeal is being considered.
Is the company in breach of data protection laws?
If a substantial Clearview AI fine is issued by the ICO, given that we are talking about an amount that could be in the £17m mark, we would be surprised if the company did not appeal any final decision. The big question comes down to whether or not they have broken data laws given that the images used are understood to be available in the public domain anyway.
The ICO seems to have already said that this is about whether people would expect that their images that are in the public domain would be used in such a way, and whether such use would be determined as fair or not. It seems that this issue comes down to a processing matter, and whether there can be justification for the processing of the information in question, and how it has been used.
The GDPR is stringent, and it is intended to be so to allow people to have much greater control over their personal information, especially in today’s digital age. I would not personally expect that an image of me that is in the public domain would end up being used in such a way, and I would imagine that many others would feel the same. On this basis, if the ICO firmly considers that this lack of expectation for how such public data has been processed is unexpected, they could establish a finding that the law has been breached.
We have taken claims for data breach compensation forward and succeeded with them where the issues come down to the fair processing of information.
Deletion issues and changes made
The Guardian has also reported that people who may have wanted their information to be erased may have been put off because Clearview reportedly had been asking for more personal information, including photographs, as part of processing deletion requests.
Whether a Clearview AI fine is to be issued or not, notably, a trial for law enforcement agencies in the UK to use their technology is understood to no longer be available. This does not amount to an admission of anything, but it is notable nonetheless.