![]() ![]() The Article 6 breach is because Clearview does not obtain consent from people to use their facial biometrics, nor can it rely on a legitimate interest legal basis for collecting and using this data either - given what CNIL describes as the massive scale and “particularly intrusive” nature of the processing it’s carrying out. Two breaches of the GDPRįrance’s CNIL found that Clearview committed two breaches of the GDPR - violating Article 6 (the lawfulness of processing) by collecting and using biometric data without a legal basis and breaching a variety of data access rights set out out in Articles 12, 15 and 17. This year Clearview’s service has already been ruled in breach of privacy rules in Canada, Australia and the UK (which, post-Brexit, sits outside the EU but retains the GDPR in national law for now) - where it’s facing a possible fine and was also ordered to delete user data last month. So while the CNIL’s order only applies to data it holds on people from French territories - which the CNIL estimates covers “several” tens of millions of Internet users - more such orders are likely from other EU agencies. The US company does not have an established base in the EU - meaning its business is open to regulatory action across the EU, by any of the bloc’s data protection supervisors. The watchdog is acting on complaints against Clearview received since May 2020. In an announcement of the breach finding, the CNIL also gives Clearview formal notice to stop its “unlawful processing” and says it must delete user data within two months. Clearview, which also faced recent legal action in the UK, Australia and Illinois, must comply with CNIL’s notice within two months and provide supporting documentation or face sanctions under the French Data Protection Act of 1978.Controversial facial recognition company, Clearview AI, which has amassed a database of some 10 billion images by scraping selfies off the Internet so it can sell an identity-matching service to law enforcement, has been hit with another order to delete people’s data.įrance’s privacy watchdog said today that Clearview has breached Europe’s General Data Protection Regulation (GDPR). In October, the European Parliament adopted a resolution to ban biometric identification, specifically noting concerns over Clearview’s model. While a statement attributed to Clearview founder CEO Hoan Ton-That maintains Clearview is outside the scope of the GDPR since it has no place of business or customers in the EU, Recital 24 to the GDPR makes it applicable wherever the personal data of subjects in the EU is being processed for monitoring, regardless of whether the processor itself is established in the EU. ![]() Second, Clearview breached Articles 12, 15 and 17 of the GDPR, which provide the data subject with the right to access and obtain the erasure of the personal data being processed. CNIL specified that the “publicly accessible” nature of data does not authorize re-use without the subjects’ consent or knowledge. Clearview could not invoke “legitimate interests” since people’s fundamental freedoms override its purely commercial interests. First, Article 6 of the GDPR only permits data processing in certain cases, including when the subject has consented or for other legitimate interests to the extent that the use would not violate the subject’s fundamental rights. Clearview then sells this facial recognition tool to law enforcement agencies for identifying perpetrators or victims (such as from CCTV footage).įollowing complaints from Privacy International and several individuals, CNIL investigated whether Clearview breached the General Data Protection Regulation (GDPR), the EU’s overarching data privacy and protection law. It then derives a mathematical “biometric template” of each face based on its features, enabling it to be matched to other images with similar templates. France’s National Commission for Information and Liberty (CNIL) announced Thursday it had issued a notice on November 1 to US-based facial recognition company Clearview AI ordering the company to halt personal data collection of subjects on French territory and delete the existing data.ĬNIL noted Clearview extracts images of faces from social media sites, professional websites, blogs and videos. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |