Digital Rights alliance file legal complaints across Europe against facial recognition company Clearview AI
Today, noyb and other EU digital rights organisations filed legal complaints to stop online mass surveillance by facial recognition company Clearview.
Complaints in five countries. A coalition of organisations including noyb, Privacy International (PI), Hermes Center and Homo Digitalis has filed a series of submissions against Clearview AI, Inc., a facial recognition company that claims to have "the largest known database of 3+ billion facial images" attained from social media accounts and other online sources. The complaints were submitted to data protection regulators in France, Austria, Italy, Greece and the United Kingdom.
Clearview’s dishonest practices. The company became widely known in January 2020, when a New York Times investigation revealed its practices to the world. Prior to this, Clearview had operated with intentional secrecy, while offering its product to law enforcement agencies in various countries, as well as to private companies. The company uses an automated image scraper, a tool that searches the web and collects any images that it detects as containing human faces. Along with these images, the scraper also collects metadata associated with these images, such as the image or webpage title, geolocation, and source link. Both the facial images and any accompanying metadata are stored on Clearview’s servers indefinitely.
"European data protection laws are very clear when it comes to the purposes companies can use our data for. Extracting our unique facial features or even sharing them with the police and other companies goes far beyond what we could ever expect as online users". - Ioannis Kouvakas, Legal Officer at PI
Multiple authorities are on the case. The five submissions add to the series of investigations launched in the wake of last year’s revelations and noyb’s past intervention in a case before the Hamburg data protection authority. Currently, both the UK and Italian regulators are looking into the company’s practices. Clearview has also been reported to have entered into contracts with law enforcement authorities in Europe. In Greece, following a query submitted by Homo Digitalis, the police have denied collaboration with the company.
"It is important to increase scrutiny over this matter. The DPAs have strong investigative powers and we need a coordinated reaction to such public-private partnerships.” - Marina Zacharopoulou, Lawyer and member of Homo Digitalis.
Last month, the Italian data protection authority blocked police forces from using real time facial recognition.
“Facial recognition technologies threaten our online and offline lives. By surreptitiously collecting our biometric data, these technologies introduce a constant surveillance of our bodies.”- Fabio Pietrosanti, President of the Hermes Center.
Facial recognition is extremely intrusive. That is why the use of such systems, and particularly any business model that relies on them, raises grave concerns for modern societies and individuals’ freedom.
“Just because something is online, does not mean it is fair game to be appropriated by others in any way they want to - neither morally nor legally. Data protection authorities need to take action and stop Clearview and similar organisations from hoovering up the personal data of EU residents.” - Alan Dahi, Data Protection Lawyer at noyb.
Next Steps. The regulators now have 3 months to provide a first response to the complaints. We expect them to join forces in ruling that Clearview’s practices have no place in Europe. In the meantime, individuals can ask Clearview whether their face is their database and request that their biometric data no longer be included in the searches the company’s clients perform.