UK privacy watchdog fines Clearview £7.5 million and orders database purge

[Cal Jeffrey]

A hot potato: A privacy regulator in the United Kingdom has mandated that contentious facial recognition firm Clearview AI scrub its database of all UK citizens' data. It also fined the US company £7.5 million ($9.4 million) for violations of local privacy laws.

The UK's Information Commissioner's Office (ICO) charges that Clearview AI failed to use data fairly and transparently because the firm did not inform UK residents that it was collecting their personal biometric data. It also says that Clearview did not have a legitimate reason to scrape people's personal information and does not have a method in place to stop it from being retained indefinitely. All of these actions break UK data-collection rules.

It is unclear whether the ICO can force Clearview to comply. Privacy watchdogs in other EU countries have issued similar edicts. However, founder and CEO Ton-That contends that his company has no contracts with agencies in the EU and that the service is not available in any member nations including the UK.

"While we appreciate the ICO's desire to reduce their monetary penalty on Clearview AI, we nevertheless stand by our position that the decision to impose any fine is incorrect as a matter of law," said a company spokesperson. "Clearview AI is not subject to the ICO's jurisdiction, and Clearview AI does no business in the U.K. at this time."

However, the firm did sell its services to several agencies in the UK in previous years, including the Metropolitan Police, Ministry of Defense, and National Crime Agency. It pulled out of the UK market under pressure but presumably, still keeps records of UK residents in its database.

The ICO told The Verge that if Clearview does not comply with the order, it can issue more fines. However, that does not change that it has no other means to enforce the decision. In other words, if Clearview ignores the first mandate, what will stop it from ignoring further orders?

Regardless of whether the ICO's actions have any teeth or not, the regulator has given the company 28 days to enter an appeal. Barring a positive outcome for Clearview, it has six months to delete UK data and pay the £7.5 million fine.

Image credit: Match by Andrey Popov, Clearview AI by Ascannio

Permalink to story.

https://www.techspot.com/news/94685-uk-privacy-watchdog-fines-clearview-75-million-orders.html

 

[Puiu]

If it has a database of citizens of a country then they should be forced to delete it.

 

[VaRmeNsI]

If it has a database of citizens of a country then they should be forced to delete it.

Why? ICO has no jurisdiction.

 

[George Keech]

Why? ICO has no jurisdiction.

They 100% do, just because you don't do business in a country doesn't mean the people in that country are not protected by a data privacy laws.

Clearview want to seem like they are not but if the whole point is you are not allowed to collect this data on citizens then it is included.

 

[Puiu]

Why? ICO has no jurisdiction.

They do.

 

[Sathi43]

You get fined only if you get caught

 

[ZedRM]

If it has a database of citizens of a country then they should be forced to delete it.

And that's what give the UK it's jurisdiction. Clearview has data files on UK citizens, therefore the UK government has the authority to take action on that data, regardless of where in the world that data is stored. National sovereignty interests. Clearview had better get it's act together, comply with the order and pay the fines or they're going to end up with a foot in their corporate bums!

Why? ICO has no jurisdiction.

Wrong, see above.