(by DailyAlts) – French privacy watchdog Commission Nationale Informatique & Libertes (CNIL) has deemed the facial recognition start-up Clearview AI to be in default of the privacy laws of the country because it unlawfully collected and used the personal/biometric data of the French people in the absence of a legal basis, and did not comply with individuals’ rights to access or delete their data. (CNIL)
In a statement released December 16, CNIL said it opened an investigation against Clearview AI based on complaints received as on May 2020. Its attention to Clearview’s practices was also drawn by Privacy International.
Clearview created biometric templates of people
CNIL claims that Clearview has collected over 10 billion photographs of people from the internet, including from social media and online videos. Thereafter, it builds a biometric template of the person, i.e. a digital representation of a person’s physical characteristics (the face in this case), with most people being unaware that such sensitive and personal data had been collected.
Clearview has built a searchable database from this data, according to CNIL, and sells it to law enforcement agencies to help in identification of criminals or their victims.
Privacy law violations
However, CNIL says Clearview has violated Article 6 of the GPDR by processing personal data without a legal basis or justification for doing so, nor does it obtain the consent of the persons concerned to collect and use their photographs to supply its software.
CNIL said Clearview’s massive and intrusive process was not legitimate against several tens of millions of Internet users in France.
“These people, whose photographs or videos are accessible on various websites, including social media, do not reasonably expect their images to be processed by the company to supply a facial recognition system that could be used by States for law enforcement purposes,” said CNIL.
The company also violated Articles 12, 15, and 17 of the GPDR by not respecting complainants’ rights to access their data that it has collected, and also does not respond effectively to their requests for access and erasure of that data.
Accordingly, CNIL ordered Clearview AI to cease the collection and use of data of persons on French territory in the absence of a legal basis; and to facilitate the exercise of individuals’ rights and to comply with requests for erasure.
In November, The Office of the Australian Information Commissioner (OAIC) and Privacy Commissioner Angelene Falk similarly found that Clearview AI breached Australia’s privacy laws through the covert collection of biometric information form the internet and then incorporating it into a facial recognition tool.
It ordered Clearview to stop collecting person’s facial images from the internet and destroy the data collected.