Swedish Police Fined by Data Protection Regulator for Using Clearview AI

• The Police in Sweden will have to pay a fine of approximately $300k for using the Clearview AI app.
• The particular product is collecting people’s biometrics without their consent, which violates GDPR.
• Clearview AI and the law enforcement authorities in Canada have recently had the same trouble.

The police in Sweden were apparently using the Clearview AI facial recognition product, which has been criticized for its unethical and barely legal data scraping practices. The reports of this deployment eventually reached the Swedish Authority for Privacy Protection (IMY), which launched an investigation against the nation’s police.

Today, the authority has published its conclusion – the Police agents were using the particular application without authorization, so the office imposes an administrative fine of SEK 2,500,000 (approximately $300,000) for infringements of the Criminal Data Act.

Apart from the fine, the IMY demands that the Police run additional training and education sessions for employees to prevent similar incidents of unauthorized data access and process from happening in the future. The Police will have to inform the data subjects whose data has been disclosed to Clearview AI, so at least they’ll know that their privacy is being invaded. If the subjects order the deletion of their personal data from the Clearview AI, the Police will have to ensure that this is indeed erased.

Unfortunately, the actual deployment of Clearview AI hasn’t been scrutinized, so no obstacles have been placed there. We guess that this is outside the scope of IMY, as they can only review the use of software from the “data protection” perspective. Also, the assurances about the deletion of the citizen data on Clearview AI’s database will be hard to give, review, and ensure. The fact that IMY’s announcement is adding the key “to the extent possible” phrase is indicative of that problem.

Similarly, the Canadian Office of the Privacy Commissioner took an aggressive stance against Clearview AI last week, bashing it for unlawfully collecting Canadians’ biometric data without them knowing about it and putting the Canadian police into context as the user of the application. Also, a related investigation is ongoing since last year, so we expect to see some hefty fines announced there too.

The Commissioner stated the following:

Imposing fines on public entities may appear pompous, but as long as Clearview AI is considered legal, the problem and the potential for abuse will remain unmoved. From that perspective, these fines and bold statements serve only as palliation for the public and nothing more.