![]() ![]() ![]() the failure to comply with the principles of lawfulness, fairness and transparency, since the data subjects had no contact with the Company, they were not directly or indirectly informed of the activities carried out by the Company, nor they received any information even by consulting the Clearview website.There was also a purpose completely autonomous to the client’s ones, consisting in making available, upon payment, information -such as images and metadata- useful to clients for different and further purposes.Ĭlearview's mistaken belief that the European legislation was inapplicable has resulted in the violations of the major principles and obligations set forth in the GDPR, including: Moreover, the Italian DPA confirmed that the company operated as a data controller, since it defined the methods and sources of data collection, created the facial recognition algorithm and determined the parameters for indexing its information and enriching it with metadata useful for more effective search results. other EU DPA (Sweden) confirmed the existence of the processing in the EU territory.in the past the service was also extended to European territory, as stated by the company itself.the privacy requests of the Italian data subjects had been satisfied (although partially).However, the Italian DPA deemed that the service fell within the scope of the GDPR, since: was not freely available to the public, but, as stated by the company itself, was targeted for certain categories of clients, including police forces and government agencies.ĭuring the preliminary phase, the Company declared that the services were not offered in Europe and, for this reason, it had not complied with the obligations provided for by the GDPR and that, in any case, it did not offer such service as a data controller. The biometric search service offered by Clearview AI Inc. Upon client's request to obtain images of a specific person, the artificial intelligence system created by the American company interrogated its database: first matching the requested image with its own data, then extracting all the corresponding images and finally presenting them to the client as a result of the search together with the metadata and the associated links. These images, processed into biometric data (512 vectors were used to identify the individual lines of a face), were then combined with metadata that could reveal particularly sensitive information, such as racial or ethnic origin, political opinions, religious or philosophical beliefs or even trade union membership or the title of the photo or web page, the link to the source, the geolocation, gender, date of birth, nationality and language. social networks, blogs, websites, etc.) from publicly accessible sources through web scraping techniques such images were subjected to a biometric processing with subsequent hashing for indexing and search purposes. In particular, the platform was based on a database of over 10 billion facial images collected on the Internet (e.g. Furthermore, the company must provide a EU representative as a point of contact for EU data subjects and the supervisory authority.The platform developed by Clearview was a search engine, based on a machine learning technology that is subject to a patent application, which allows the service's client to find within the database the facial images of the searched subject. ![]() It must also delete the biometric information needed to search for a specific face. ![]() In Italy, Clearview AI must now, in addition to the 20 million Euro fine, not only delete all images of Italian citizens from its database. Then, in December, the French CNIL ordered Clearview to stop processing citizens’ data and gave it two months to delete all the data it had stored, but did not mention any explicit financial sanction. Last November, the UK ICO warned of a potential 17 million pound fine against Clearview, and in this context, and also ordered Clearview to stop processing data. For example, fair and lawful processing was not carried out within the data protection framework, and there was no lawful basis for the collection of information and no appropriate transparency and data retention policies. The data protection authority has found Clearview AI to be in breach of numerous GDPR requirements. Clearview AI’s facial recognition system uses over 10 billion images from the internet and prides themself to have the largest biometric image database in the world. The Italian data protection authority “Garante” has fined Clearview AI 20 million Euros for data protection violations regarding its facial recognition technology. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |