Canadian authorities have found that the collection of facial-recognition data by Clearview AI is illegal because it violates federal and provincial privacy laws, representing a win for individuals’ privacy and potentially setting a precedent for other legal challenges to the controversial technology.
A joint investigation of privacy authorities led by the Office of the Privacy Commissioner of Canada came to this conclusion Wednesday, claiming that the New York-based company’s scraping of billions of images of people from across the Internet represented mass surveillance and infringes on the privacy rights of Canadians, according to a release the Office posted online.
Moreover, the investigation found that Clearview had collected highly sensitive biometric information without people’s knowledge or consent, and then used and disclosed this personal information for inappropriate purposes that would not be appropriate even if people had consented.
“It is completely unacceptable for millions of people who will never be implicated in any crime to find themselves continually in a police lineup,” Canada’s Privacy Commissioner Daniel Therrien said in a statement. “Yet the company continues to claim its purposes were appropriate, citing the requirement under federal privacy law that its business needs be balanced against privacy rights.”
Clearview, founded in 2017 by Australian entrepreneur Hoan Ton-Thatand, is in the business of collecting what it calls “faceprints,” which are unique biometric identifiers similar to someone’s fingerprint or DNA profile, from photos people post online.
Since 2019, the company has come under considerable fire and faced legal challenges to its technology and business practices, part of a larger question of whether facial-recognition technologies being developed by myriad companies—including heavy hitters like Microsoft and IBM—should be legal at all.
Clearview to date has amassed a database of billions of these faceprints, which it sells to its clients. It also provides access to a smartphone app that allows clients to upload a photo of an unknown person and instantly receive a set of matching photos.
One of the biggest arguments in his company’s defense that Ton-Thatand has made in published reports is that there is significant benefit in using its technology in law enforcement and national security, which outweighs privacy concerns of individuals. Moreover, Clearview is not to blame if law enforcement misuses its technology.
The company made these same arguments in its case to the Canadian Privacy Commissioner, which the investigation shot down. Authorities also did not buy Clearview’s defense that privacy laws do not apply to its activities because the company has no connection to Canada, and that no consent was required because the photos were publicly available on websites.
The Commission d’accès à l’information du Québec, the Office of the Information and Privacy Commissioner for British Columbia and the Office of the Information and Privacy Commissioner of Alberta also took part in the investigation.
The decision in Canada likely will lend heft to other legal challenges not only to Clearview’s technology but facial recognition in general. Last May the American Civil Liberties Union sued Clearview for privacy violations in Illinois, a case that is ongoing. Lawmakers in the United States even have proposed a nationwide ban on facial recognition.
The technology also raises questions of racial bias and the potential for false accusations against innocent people. In December two Black man filed suit against police in Michigan, saying they were falsely IDed by facial-recognition technology—specifically, DataWorks Plus facial recognition software in use by Michigan State Police.
All of this public scrutiny and legal pressure is inspiring law enforcement to change course on finding merit in using facial recognition in their activities. In November, the Los Angeles Police Department banned the Clearview AI facial recognition platform after personnel were revealed to have been using the database, citing privacy concerns and under pressure from the ACLU and other groups.
Download our exclusive FREE Threatpost Insider eBook, Healthcare Security Woes Balloon in a Covid-Era World, sponsored by ZeroNorth, to learn more about what these security risks mean for hospitals at the day-to-day level and how healthcare security teams can implement best practices to protect providers and patients. Get the whole story and DOWNLOAD the eBook now – on us!