The Information Commissioner’s Office (ICO) in the UK on Monday fined facial recognition surveillance firm Clearview AI more than 7.5 million pounds ($9.5 million) for using images of people in the UK and elsewhere, that were collected from the web and social media to create a global online database that could be used for facial recognition.
The ICO has also issued an enforcement notice, ordering the company to stop obtaining and using the personal data of UK residents and delete data from its systems.
Clearview AI has collected more than 20 billion images of people’s faces and data from publicly available information on the internet and social media platforms all over the world to create an online database.
People were not informed that their images were being collected or used in this way, the ICO said in a statement.
“The company not only enables identification of those people, but effectively monitors their behaviour and offers it as a commercial service. That is unacceptable. That is why we have acted to protect people in the UK by both fining the company and issuing an enforcement notice,” said John Edwards, UK Information Commissioner.
People expect that their personal information will be respected, regardless of where in the world their data is being used, he said.
“That is why global companies need international enforcement. Working with colleagues around the world helped us take this action and protect people from such intrusive activity,” Edwards added.
Earlier this month, Clearview AI agreed to permanently ban businesses and other private entities from using its service.
Under a legal settlement, Clearview AI agreed to a new set of restrictions that ensure the company is in alignment with the Illinois Biometric Information Privacy Act (BIPA) in the US, a groundbreaking privacy law.
The ICO enforcement action came after a joint investigation with the Office of the Australian Information Commissioner (OAIC), which focused on Clearview AI’s use of people’s images, data scraping from the internet and the use of biometric data for facial recognition.
“This international cooperation is essential to protect people’s privacy rights in 2022. That means working with regulators in other countries, as we did in this case with our Australian colleagues,” said Edwards.