Privacy International (PI) and several other European privacy and digital rights organizations announced today that they’ve filed legal complaints against the controversial facial recognition company Clearview AI. The complaints filed in France, Austria, Greece, Italy, and the United Kingdom say that the company’s method of documenting and collecting data — including images of faces it automatically extracts from public websites — violates European privacy laws. New York-based Clearview claims to have built “the largest known database of 3+ billion facial images.”
PI, NYOB, Hermes Center for Transparency and Digital Human Rights, and Homo Digitalis all claim that Clearview’s data collection goes beyond what the average user would expect when using services like Instagram, LinkedIn, or YouTube. “Extracting our unique facial features or even sharing them with the police and other companies goes far beyond what we could ever expect as online users,” said PI legal officer Ioannis Kouvakas in a joint statement.
Far beyond what we could ever expect as online users
Clearview AI uses an image scraper to automatically collect publicly available photos of faces across social media and other websites to build out its biometric database. It then sells access to that database — and the ability to identify people — to law enforcement agencies and private companies.
The legality of Clearview AI’s approach to building its facial recognition service is the subject of a number of legal challenges globally. Authorities in the UK and Australia opened a privacy probe last year into the company’s data scraping techniques. In February, Canada’s privacy commissioners determined that Clearview’s face scraping is “illegal” and creates a system that “inflicts broad-based harm on all members of society, who find themselves continually in a police lineup.”
Swedish police were fined by the country’s data regulator for using Clearview’s offerings to “unlawfully” identify citizens. And in one case in Germany, the Hamburg Data Protection Agency ordered Clearview to delete the mathematical hash representing a user’s profile after he complained.
In the US, Clearview was sued by the American Civil Liberties Union in the state of Illinois in 2020 for violating the Illinois Biometric Privacy Act. The results of that lawsuit contributed to the company’s decision to stop selling its product to private US companies. Clearview also faced legal action in Vermont, New York and California.
The privacy watchdogs say regulators have three months to respond to their complaints. In the meantime, you can request any data Clearview might have on you via the email and forms provided on its site and ask that your face be omitted from client searches.