The Information Commissioner's Office (ICO) has issued a provisional fine of £17 million to controversial Australian firm Clearview AI over its handling of UK personal data.
RELATED RESOURCE
Prevent fraud and phishing attacks with DMARC
How to use domain-based message authentication, reporting, and conformance for email security
Despite no longer operating in the country, the firm has also been told to stop processing UK personal data and delete any it has.
The company, which provides mass databases and facial recognition technology for law enforcement agencies, has already been found to have broken Australian privacy law and been hit with cease and desist notices from the likes of Facebook and Twitter for scraping public images for its systems.
After a joint investigation with the Australian ICO, the UK's data regulator found that Clearview had violated "several" data protection laws in the UK. It also found the company may be "continuing to process significant volumes of UK people's information" without their knowledge.
"I have significant concerns that personal data was processed in a way that nobody in the UK will have expected," said Information Commissioner Elizabeth Denham said.
"It is therefore only right that the ICO alerts people to the scale of this potential breach and the proposed action we're taking. UK data protection legislation does not stop the effective use of technology to fight crime, but to enjoy public trust and confidence in their products technology providers must ensure people's legal protections are respected and complied with."
In response, Clearview called the regulator's claims "factually and legally incorrect". The company's founder and CEO, Hoan Ton-That, also said that the ICO had "misinterpreted" his technology and intentions.
"My company and I have acted in the best interests of the UK and their people by assisting law enforcement in solving heinous crimes against children, seniors, and other victims of unscrupulous acts. We collect only public data from the open internet and comply with all standards of privacy and law," Ton-That said, according to the BBC.
Clearview can challenge the proposed fine before a final decision is made midway through 2022.
-
What does modern security success look like for financial services?Sponsored As financial institutions grapple with evolving cyber threats, intensifying regulations, and the limitations of ageing IT infrastructure, the need for a resilient and forward-thinking security strategy has never been greater
-
Yes, legal AI. But what can you actually do with it? Let’s take a look…Sponsored Legal AI is a knowledge multiplier that can accelerate research, sharpen insights, and organize information, provided legal teams have confidence in its transparent and auditable application
-
Cyber attacks have rocked UK retailers – here's how you can stay safeNews Following recent attacks on retailers, the NCSC urges other firms to make sure they don't fall victim too
-
ICO admits it's too slow dealing with complaints – so it's eying up automation to cut staff workloadsNews The UK's data protection authority has apologized for being slow to respond to data protection complaints, saying it's been overwhelmed by increased workloads.
-
“Limited resources” scupper ICO probe into EasyJet breachNews The decision to drop the probe has been described as “deeply concerning” by security practitioners
-
PowerEdge - Cyber resilient infrastructure for a Zero Trust worldWhitepaper Combat threats with an in-depth security stance focused on data security
-
Surge in workplace monitoring prompts new ICO guidelines on employee privacyNews Detailed guidance on how to implement workplace monitoring could prevent data protection blunders
-
Anticipate, prevent, and minimize the impact of business disruptionsWhitepaper Nine best practices for building operational resilience
-
Three steps to transforming security operationsWhitepaper How to be more agile, effective, collaborative, and scalable
-
Top ten ways to anticipate, eliminate, and defeat cyber threats like a bossWhitepaper Improve your cyber resilience and vulnerability management while speeding up response times
