Clearview AI ordered to comply with recommendations to stop collecting, sharing images
December 14, 2021
Three provincial privacy protection authorities have ordered facial recognition company Clearview AI to comply with recommendations flowing from a joint investigation with the Office of the Privacy Commissioner of Canada.
U.S.-based Clearview AI created and maintains a database of more than three billion images scraped from the internet without people’s consent. Clearview clients, which previously included the RCMP, are able to match photographs of people against the images in the databank using facial recognition technology.
In July 2020, Clearview advised Canadian privacy protection authorities that, in response to their joint investigation, it would cease offering its facial recognition services in Canada.
The joint investigation by the Office of the Privacy Commissioner of Canada and its counterparts – the Commission d’accès à l’information du Québec, the Information and Privacy Commissioner for British Columbia and the Information and Privacy Commissioner of Alberta – found that Clearview violated federal and provincial private-sector privacy laws by scraping images from the internet without permission.
The legally binding provincial orders require Clearview to:
- Stop offering its facial recognition services that have been the subject of the investigation in the three provinces;
- Stop collecting, using and disclosing images of people in the three provinces without consent; and
- Delete images and biometric facial arrays collected without consent from individuals in the three provinces.
“We welcome these important actions taken by our provincial counterparts. While Clearview stopped offering its services in Canada during the investigation, it had refused to cease the collection and use of Canadians’ data or delete images already collected,” says Privacy Commissioner of Canada Daniel Therrien.
“These orders also highlight once again significant shortcomings with the federal private sector privacy law. The Office of the Privacy Commissioner of Canada does not have order-making powers under the Personal Information Protection and Electronic Documents Act (PIPEDA).”
The OPC has called for amendments to PIPEDA to provide for quick and effective enforcement mechanisms. In many countries, this has been enabled through granting powers to the regulator to issue orders and impose significant monetary penalties.
Commissioner Therrien noted that recent amendments to Quebec’s privacy law and proposals for legislative reform in British Columbia and Ontario provide for greater authority to impose meaningful penalties and create strong incentives for businesses to comply with the law.
These changes would confer to provincial counterparts the authority to make orders- to issue financial penalties directly, subject to judicial review.
“All Canadians should have equal access to the same quick and effective corrective action when their privacy rights are violated,” says Commissioner Therrien.
The Information Commissioner’s Office in the U.K. recently announced its “provisional intent” to fine Clearview £17 million (approximately $29 million CDN) and order it to delete any data it held on U.K. citizens. The announcement follows a joint investigation by the ICO and the Office of the Australian Information Commissioner, which found that Clearview had violated privacy laws in both jurisdictions.
News release - Commission d’accès à l’information du Québec (Available in French only)
News release - Information and Privacy Commissioner for British Columbia
News release - Information and Privacy Commissioner of Alberta
Joint investigation of Clearview AI, Inc. by the Office of the Privacy Commissioner of Canada, the Commission d’accès à l’information du Québec, the Information and Privacy Commissioner for British Columbia, and the Information Privacy Commissioner of Alberta
- Date modified: