Clearview has no lawful basis for collecting and processing any of this data.Clearview processes both "regular" personal data (Article 4(1) GDPR) and sensitive or "special categories" data (Article 9(1) GDPR).The Regulation (EU) 2016/679 (General Data Protection Regulation) ("GDPR") applies to Clearview's collection and biometric processing of faces found online, as these consist in mass processing of European residents' personal data.The regulators have 3 months to respond after filing of the complaints. After various isolated complaints were filed by individuals against Clearview, and isolated enforcement actions taken by the Hamburg data protection authority and the Swedish data protection authority, the complaints seek a coordinated approach across Europe to tackle an inherently cross-border issue. Our European complaints are based on various "data subject access requests", as well as PI's technical and legal analyses of Clearview's practices. Various actions have been launched across the globe against Clearview's practices, in countries with biometrics or data protection regulation. Clearview then sells access to this database to private companies and law enforcement authorities. All these faces are then run through its proprietary facial software, to build a gigantic biometrics database. ![]() It uses an "automated image scraper" to search the web and collect any images that it detects as containing human faces. Simultaneously, similar complaints were filed by Hermes Centre for Transparency and Digital Human Rights in Italy, Homo Digitalis in Greece, and noyb - the European Center for Digital Rights in Austria.Ĭlearview is a facial recognition company claiming to have built "the largest known database of 3+ billion facial images". On, Privacy International (PI) filed complaints against Clearview AI with the UK and French data protection authorities (ICO and CNIL). Garante per la protezione dei dati personali (Italy) To read IMY's decision (in Swedish), click here.Information Commissioner's Office (ICO) (UK)Ĭommission Nationale de l'Informatique et des Libertés (CNIL) (France) Finally, the Police are ordered to ensure, to the extent possible, that any personal data transferred to Clearview AI is erased. In addition, the Police are ordered to inform the data subjects, whose data has been disclosed to Clearview AI, when confidentiality rules so allows. IMY also orders the Police to conduct further training and education of its employees in order to avoid any future processing of personal data in breach of data protection rules and regulations. IMY imposes an administrative fine of SEK 2,500,000 (approximately EUR 250,000) on the Police Authority for infringements of the Criminal Data Act. It is the responsibility of the Police to ensure that employees are aware of those rules, says Elena Mazzotti Pallard, legal advisor at IMY. ![]() There are clearly defined rules and regulations on how the Police Authority may process personal data, especially for law enforcement purposes. When using Clearview AI the Police has unlawfully processed biometric data for facial recognition as well as having failed to conduct a data protection impact assessment which this case of processing would require. The Police has failed to implement sufficient organisational measures to ensure and be able to demonstrate that the processing of personal data in this case has been carried out in compliance with the Criminal Data Act. IMY concludes that the Police has not fulfilled its obligations as a data controller on a number of accounts with regards to the use of Clearview AI. According to the Police a few employees have used the application without any prior authorisation. ![]() ![]() The investigation concludes that Cleaview AI has been used by the Police on a number of occasions. Upon news in the media of the Swedish Police Authority using the application Clearview AI for facial recognition the Swedish Authority for Privacy Protection (IMY) initiated an investigation against the Police. The Swedish Authority for Privacy Protection finds that the Swedish Police Authority has processed personal data in breach of the Swedish Criminal Data Act when using Clearview AI to identify individuals.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |