Skip to content

Clearview AI’s practices represented unlawful mass surveillance of Canadians, says privacy commissioner

Daniel Therrien, privacy commissioner of Canada

An investigation has found that technology company Clearview AI’s scraping of billions of images of people from across the internet represented mass surveillance and was a clear violation of the privacy rights of Canadians.

The joint investigation by the Office of the Privacy Commissioner of Canada, the Commission d’accès à l’information du Québec, the Office of the Information and Privacy Commissioner for British Columbia and the Office of the Information and Privacy Commissioner of Alberta concluded the New York-based technology company violated federal and provincial privacy laws.

Clearview AI’s technology allowed law enforcement and commercial organizations to match photographs of unknown people against the company’s databank of more than 3 billion images, including of Canadians and children, for investigation purposes. Commissioners found this creates the risk of significant harm to individuals, the vast majority of whom have never been and will never be implicated in a crime.

“What Clearview does is mass surveillance, and it is illegal,” said Daniel Therrien, privacy commissioner of Canada, in a news release. “It is completely unacceptable for millions of people who will never be implicated in any crime to find themselves continually in a police lineup. Yet the company continues to claim its purposes were appropriate, citing the requirement under federal privacy law that its business needs be balanced against privacy rights. Parliamentarians reviewing Bill C-11 may wish to send a clear message, through that bill, that where there is a conflict between commercial objectives and privacy protection, Canadians’ privacy rights should prevail.”

The investigation found Clearview had collected highly sensitive biometric information without the knowledge or consent of individuals. Furthermore, Clearview collected, used and disclosed Canadians’ personal information for inappropriate purposes, which cannot be rendered appropriate via consent.

When presented with the investigative findings, Clearview argued that:

  • Canadian privacy laws do not apply to its activities because the company does not have a “real and substantial connection” to Canada;
  • consent was not required because the information was publicly available;
  • * individuals who placed or permitted their images to be placed on websites that were scraped did not have substantial privacy concerns justifying an infringement of the company’s freedom of expression;
  • given the significant potential benefit of Clearview’s services to law enforcement and national security and the fact that significant harm is unlikely to occur for individuals, the balancing of privacy rights and Clearview’s business needs favoured the company’s entirely appropriate purposes; and
  • Clearview cannot be held responsible for offering services to law enforcement or any other entity that subsequently makes an error in its assessment of the person being investigated.

Commissioners rejected these arguments. They were particularly concerned the organization did not recognize the mass collection of biometric information from billions of people, without express consent, violated the reasonable expectation of privacy of individuals and the company was of the view that its business interests outweighed privacy rights.

On the applicability of Canadian laws, they noted Clearview collected the images of Canadians and actively marketed its services to law enforcement agencies in Canada. The RCMP became a paying customer and a total of 48 accounts were created for law enforcement and other organizations across the country.

The investigation also noted the potential risks to individuals whose images were captured and included in Clearview’s biometric database. These potential harms include the risk of misidentification and exposure to potential data breaches.

The privacy authorities recommended Clearview stop offering its facial recognition services to Canadian clients, stop collecting images of individuals in Canada and delete all previously collected images and biometric facial arrays of individuals in Canada.

Shortly after the investigation began, Clearview agreed to stop providing its services in the Canadian market. It stopped offering trial accounts to Canadian organizations and discontinued services to its only remaining Canadian subscriber, the RCMP in July 2020.

However, Clearview disagreed with the findings of the investigation and did not demonstrate a willingness to follow the other recommendations. Should Clearview maintain its refusal, the four authorities will pursue other actions available under their respective acts to bring Clearview into compliance with Canadian laws.

A related investigation by the Office of the Privacy Commissioner of Canada into the RCMP’s use of Clearview AI’s facial recognition technology is ongoing. The federal commissioner’s office, along with provincial counterparts, is currently developing guidance for law enforcement agencies on the use of facial recognition technologies. The Office of the Information and Privacy Commissioner for British Columbia expects to publish guidelines for consultation with stakeholders in the spring.


What do you think about this story?