Welcome to our

Cyber Security News Aggregator

.

Cyber Tzar

provide a

cyber security risk management

platform; including automated penetration tests and risk assesments culminating in a "cyber risk score" out of 1,000, just like a credit score.

U.K. Govt. Fines Clearview $22.6 Mn Over Privacy Violations

published on 2021-12-01 14:02:51 UTC by CISOMAG
Content:

From bringing up PSIT Bill to strengthen the IoT devices security to collaborating with other countries to boost cybersecurity, the U.K. government is in full action to thwart growing security incidents in the country. Recently, the Information Commissioner’s Office (ICO) in the U.K. imposed a potential fine of £17 million ($22.6m) on Clearview AI Inc for violating data protection laws. The agency also issued a provisional notice to Clearview stating to stop the processing of users’ personal data in the U.K. and to delete any data in its possession.

Clearview AI is a facial recognition platform that provides software to companies, law enforcement, universities, and individuals.

Background

The penalty comes after a joint investigation by the ICO and the Office of the Australian Information Commissioner (OAIC) that revealed Clearview had violated privacy laws by harvesting users’ sensitive information without their consent and unfair methods. The investigation found that Clearview leveraged users’ images, data scraped from the internet, and their biometric details for its facial recognition platform.

Customers of Clearview are provided an image to the company to carry out biometric searches, including facial recognition searches, on their behalf to identify relevant facial image results against a database of over 10 billion images.

Also Read: Australian Privacy Regulator Slams Clearview AI for Breaching Users’ Privacy

“The images in Clearview AI Inc’s database are likely to include the data of a substantial number of people from the U.K. and may have been gathered without people’s knowledge from publicly available information online, including social media platforms. The ICO also understands that the service provided by Clearview AI Inc was used on a free trial basis by a number of U.K. law enforcement agencies, but that this trial was discontinued and Clearview AI Inc’s services are no longer being offered in the U.K.,” the ICO said in a statement.

According to the ICO, Clearview has failed to comply with the U.K. data protection laws in several ways, including:

  • Failing to process the information of people in the U.K. in a way they are likely to expect or that is fair
  • Failing to have a process in place to stop the data from being retained indefinitely
  • Failing to have a lawful reason for collecting the information
  • Failing to meet the higher data protection standards required for biometric data (classed as ‘special category data’ under the GDPR and U.K. GDPR)
  • Failing to inform people in the U.K. about what is happening to their data
  • Asking for additional personal information, including photos, which may have acted as a disincentive to individuals who wish to object to their data being processed

Clearview Triggered Identity Threats: OAIC   

Earlier, Australia’s privacy watchdog, the Office of the Australian Information Commissioner (OAIC), stated that Clearview did not take any steps to stop collecting scraped images of Australians, generating image vectors from those images, and disclosing any Australians in matched images to its registered users. The agency stated the exposure of Clearview’s intrusive practices would certainly cause security concerns across various government officials.

Commenting on the proposed fine, the U.K. Information Commissioner, Elizabeth Denham, said, “I have significant concerns that personal data was processed in a way that nobody in the U.K. will have expected. It is, therefore, only right that the ICO alerts people to the scale of this potential breach and the proposed action we’re taking. U.K. data protection legislation does not stop the effective use of technology to fight crime but to enjoy public trust and confidence in their products, technology providers must ensure people’s legal protections are respected and complied with.

“Clearview AI Inc’s services are no longer being offered in the U.K. However, the evidence we’ve gathered and analyzed suggests Clearview AI Inc were and maybe continue to process significant volumes of U.K. people’s information without their knowledge. We, therefore, want to assure the U.K. public that we are considering these alleged breaches and taking them very seriously.”

The post U.K. Govt. Fines Clearview $22.6 Mn Over Privacy Violations appeared first on CISO MAG | Cyber Security Magazine.

Article: U.K. Govt. Fines Clearview $22.6 Mn Over Privacy Violations - published almost 3 years ago.

https://cisomag.eccouncil.org/u-k-govt-fines-clearview-22-6-mn-over-privacy-violations/   
Published: 2021 12 01 14:02:51
Received: 2021 12 01 14:06:05
Feed: Ciso Mag - All
Source: CISO Mag
Category: Cyber Security
Topic: Cyber Security
Views: 3

Custom HTML Block

Click to Open Code Editor