ICO may fine Clearview AI Inc over £17 million
The ICO announced yesterday its provisional intent to impose a ‘potential’ fine of just over £17 million on Clearview AI Inc.
The ICO has also issued a provisional notice to stop further processing of the personal data of people in the UK. The announcement stems from a joint investigation by the ICO and the Office of the Australian Information Commissioner, which focused on Clearview AI Inc’s use of images, data scraped from the Internet and the use of biometrics for facial recognition.
Edward Machin, a lawyer in Ropes & Gray’s Privacy, Data Protection and Cybersecurity team said:
“Announcing its ‘provisional intent’ to issue a ‘potential fine’ suggests that the ICO may now be incorporating an element of self-preservation in its approach to enforcement. This approach looks more like the starting point for a discussion about liability rather than a final and unilaterally determined penalty. Given that each of the ICO’s provisional fines have been reduced on appeal, often significantly, there’s logic in wanting to avoid a similar fate in future cases. But having publicly trailed a large headline figure, if the final penalty is reduced or scrapped entirely it risks the ICO being seen as a regulator that struggles to get its largest enforcement actions across the line.”
Information Commissioner, Elizabeth Denham, said:
“I have significant concerns that personal data was processed in a way that nobody in the UK will have expected. It is therefore only right that the ICO alerts people to the scale of this potential breach and the proposed action we’re taking. UK data protection legislation does not stop the effective use of technology to fight crime, but to enjoy public trust and confidence in their products technology providers must ensure people’s legal protections are respected and complied with.
“Clearview AI Inc’s services are no longer being offered in the UK. However, the evidence we’ve gathered and analysed suggests Clearview AI Inc were and may be continuing to process significant volumes of UK people’s information without their knowledge. We therefore want to assure the UK public that we are considering these alleged breaches and taking them very seriously.”
Ms Denham’s term as Information Commissioner ends today.