Every person worldwide is now identifiable through AI, but at a cost

The Hellenic Data Protection Authority (HDPA), which has as its mission the supervision of the application of the General Data Protection Regulation (GDPR), fined Clearview AI 20 million euros for unlawful processing of biometric data and ordered it to stop the collection of such data, as well as to delete all existing data.

   In particular, the Clearview AI company sells personal identification services, including facial recognition software to law enforcement agencies in the United States. The data subjects are the people in Greece, among other many countries.

   Clearview AI uses its software to monitor the behavior of people in Greece. The data processing had no legal basis and there was a lack of transparency concerning the processing operations. In any case, as the GDPR hub mentions, collecting images for a biometric search engine is illegal.

   The DPA held that the controller violated the principles of lawfulness and transparency (Article 5(1)(a), 6 and 9 GDPR) as well as its obligations under Article 12, 14, 15, and 27 GDPR, ending up with a fine of 20 million euros. At the same time, Clearview AI has received fines from authorities in other countries, such as the United Kingdom, Australia, France, and Italy.

   The New York Times on an article titled “The Secretive Company That Might End Privacy as We Know It”, on January 18, 2020, mentioned that a little-known start-up helps law enforcement match photos of unknown people to their online images. This Australian company invented a tool that could end our ability to walk down the street anonymously and provided it to hundreds of law enforcement agencies.

   This groundbreaking facial recognition app has the following capability: you take a picture of a person, upload it, and get to see public photos of that person, along with links to where those photos appeared. The company claims its facial recognition database contains about 20 billion images taken from public social media sources such as Facebook, Instagram, YouTube, and LinkedIn. Furthermore, the program can automatically collect images of people’s faces from across the internet, including employment sites, news sites, and educational sites. The system is capable to convert all the images into mathematical formulas, or vectors, based on facial geometry - like how far apart a person’s eyes are.

   Such tool can be used against shoplifting, identity theft, credit card fraud, murder, and child sexual exploitation cases. However, a private company as organization cannot do that without the ultimate supervision of public authorities. “The weaponization possibilities of this are endless,” said Eric Goldman, co-director of the High-Tech Law Institute at Santa Clara University.