The UK’s Information Commissioner’s Office (ICO) charges that Clearview AI failed to use data fairly and transparently because the firm did not inform UK residents that it was collecting their personal biometric data. It also says that Clearview did not have a legitimate reason to scrape people’s personal information and does not have a method in place to stop it from being retained indefinitely. All of these actions break UK data-collection rules. It is unclear whether the ICO can force Clearview to comply. Privacy watchdogs in other EU countries have issued similar edicts. However, founder and CEO Ton-That contends that his company has no contracts with agencies in the EU and that the service is not available in any member nations including the UK.
“While we appreciate the ICO’s desire to reduce their monetary penalty on Clearview AI, we nevertheless stand by our position that the decision to impose any fine is incorrect as a matter of law,” said a company spokesperson. “Clearview AI is not subject to the ICO’s jurisdiction, and Clearview AI does no business in the U.K. at this time.” However, the firm did sell its services to several agencies in the UK in previous years, including the Metropolitan Police, Ministry of Defense, and National Crime Agency. It pulled out of the UK market under pressure but presumably, still keeps records of UK residents in its database. The ICO told The Verge that if Clearview does not comply with the order, it can issue more fines. However, that does not change that it has no other means to enforce the decision. In other words, if Clearview ignores the first mandate, what will stop it from ignoring further orders? Regardless of whether the ICO’s actions have any teeth or not, the regulator has given the company 28 days to enter an appeal. Barring a positive outcome for Clearview, it has six months to delete UK data and pay the £7.5 million fine. Image credit: Match by Andrey Popov, Clearview AI by Ascannio