Canada’s privacy regulators have ordered Clearview AI, the New York-based facial recognition company, to comply with a previous directive to stop collecting images of residents and delete pictures it has gathered.
The latest ruling comes on the heels of a finding last February following a joint investigation by the Privacy Commissioner of Canada and regional regulators in British Columbia, Alberta and Québec. The agencies found that Clearview violated privacy laws by collecting online images of Canadians without their knowledge or consent.
Privacy Commissioner of Canada Daniel Therrien said while Clearview stopped offering its facial recognition services in Canada, it has failed to halt collecting images of Canadians, or delete images it collected.
A 2020 investigation found that Clearview created and maintains a database of more than 3 billion images collected online without people’s consent. The technology allowed Clearview’s clients, which once included the Royal Canadian Mounted Police and other law enforcement agencies and privately held companies, can match these photographs against the images in the databank using facial recognition technology.
The ruling included recommendations that Clearview stop offering its facial recognition services in Canada; end the collection, use, and disclosure of images and biometric information of Canadians; and delete images and biometric facial information collected from Canadians.
In response to the joint investigation in 2020, Clearview told Canadian privacy protection authorities that it would cease offering its facial recognition services in Canada. The latest legally binding order against Clearview now forces it to comply.
Doug Mitchell, an attorney for Clearview, told PYMNTS the company is a search engine that collects public data, the same as larger companies, including Google, which is permitted to operate in Canada.
“Clearview believes the orders being sought are beyond the powers of the provincial privacy commissioners, as well as being unnecessary,” he said in an email. “To restrict the free flow of publicly available information in the sense proposed by the privacy commissioners would be contrary to the Canadian constitutional guarantee of freedom of expression”
Still, the company has faced similar trouble in France.
In December, PYMNTS reported Conseil Nationale de l’Informatique et des Libertés (CNIL), the French privacy regulator, ordered Clearview to stop collecting and using images and personal data obtained through facial recognition and to delete this data.
After an investigation, the agency concluded that Clearview failed to obtain the consent of the people in the photos to collect their images to supply its software. As a result, CNIL ruled that Clearview violated the EU General Data Protection Regulation for collecting and using biometric data without a legal basis and for failure to take into account the rights of individuals when they requested access to their data.
Clearview was given 60 days to comply. If the company fails to do so, the CNIL could impose sanctions, including fines.
The January edition of the Digital Identity Tracker®, PYMNTS examines how biometrics give consumers the smooth, secure verification and authentication experiences they desire as long as businesses and solutions providers are open about why they need personal data and what they are doing to keep it safe.
Last month, PYMNTS reported the French data protection watchdog levied Amazon and Google with significant financial penalties for allegedly violating regulations on the digital advertising trackers known as “cookies.” Amazon was ordered to pay 35 million euros ($42.5 million), while Google was told to pay 100 million euros ($121.5 million).