Privacy campaign groups filed legal complaints on Thursday with European regulators against Clearview AI, alleging the facial recognition technology it provides to law enforcement agencies and businesses breaches stringent European Union privacy rules.
Four groups complained to data protection authorities in France, Austria, Greece, Italy and the UK about Clearview's practices. They say the company stockpiled biometric data on more than 3 billion people without their knowledge or permission by “scraping" their images from websites.
The complaints say Clearview didn't have any legal basis to collect and process this data under the European Union's General Data Protection Regulation, which covers facial image data. Britain adopted its own version of the EU privacy rules after it left the bloc.
“Clearview AI has never had any contracts with any EU customer and is not currently available to EU customers," CEO Hoan Ton-That said in a statement.
News of Clearview's stockpile, first reported by The New York Times, raised concerns that the type of surveillance seen in China could happen in Western democracies.
Privacy International said European data protection laws clearly outline the purposes for which companies can use personal data.
“Extracting our unique facial features or even sharing them with the police and other companies goes far beyond what we could ever expect as online users," said Ioannis Kouvakas, London-based Privacy International's legal officer.
Italy's Hermes Center for Transparency and Digital Human Rights, Greece's Homo Digitalis and Austria's noyb were also part of the challenge. The complaints are partly based on requests individuals can file to see what data a company holds on them. Ton-That said Clearview “voluntarily processed" the requests, which "only contain publicly available information, just like thousands of others we have processed."
Clearview is already facing global scrutiny.
American civil liberties activists filed a similar legal challenge in March that sought to bar Clearview from collecting biometric information in California and force it to delete data on Californians collected from sites including Facebook, Twitter, Google and Venmo.
Meanwhile, privacy watchdogs in Britain, Australia and Canada have opened investigations into the company.