Jumbo Privacy wants to end Clearview AI’s clandestine operations in the European Union
July 2020 by Jumbo
Jumbo Privacy is acting today against Clearview AI to protect the rights of European citizens. After discovering that the American company had collected and was offering (in full violation of EU law) personal information of EU citizens (including a series of photos of herself) Zoé Viliain, Jumbo Privacy’s Chief Strategy Officer, Chief Privacy Officer and VP Europe filed a complaint this week with the French Data Protection Authority (CNIL). Jumbo Privacy is asking the Authority to urgently take all the necessary measures to put an end to the clandestine operations of a company whose facial recognition business (built on the basis of several billion photos illegally scrapped from the web since 2016 ) is now the subject of several investigations launched in recent weeks in Canada, Australia and the United Kingdom.
Four months of fruitless efforts that end up revealing Clearview AI’s clandestine and illegal practices
In January 2020, Jumbo Privacy discovered through its privacy protection activity that the American company Clearview AI was illegally offering individuals’ personal information to its customers around the world. Among the concerned were residents of the European Union, which means that Clearview AI was consciously violating the EU General Data Protection Regulation (more commonly known as "GDPR").
Anxious to know the extent of the data collected by Clearview AI, and in particular if the users who are protected by Jumbo Privacy were concerned, Zoé Vilain, its Chief Strategy Officer, Chief Privacy Officer and VP Europe, decided to investigate and to find out if she herself was included in Clearview AI’s facial recognition database. Thanks to a GDPR provision, she was able to mandate Jumbo Privacy to exercise her legal rights. The company contacted Clearview AI to know exactly what information it had on Zoé Vilain and how it was used. Thus, the ordeal started.
To get even the beginning of an answer, which would remain ultimately incomplete, it took Jumbo Privacy no less than four months of work, nine email exchanges, sending a photo and many other personal identification elements (first and last name, email and postal address, IP address, etc.), refusing to provide a photo of an official identity document and finally sending, as a last resort, a formal notice by mail and by email.
Despite the excessively cumbersome process, Jumbo Privacy was able to confirm its suspicions regarding Clearview AI’s repeated breaches and violations of the GDPR, in particular:
Unlawfully obtaining and providing personal data of EU citizens
A complete lack of legal justification on the part of Clearview AI concerning its processing of data belonging to EU citizens
Demonstrably excessive and disproportionate requests for additional identification aimed at discouraging any appeal
The weakness of the answer provided and of the processes put in place to handle the requests of the people who are in Clearview AI’s facial recognition database and want to exercise their privacy rights
A formal complaint to put an end to Clearview AI’s illegal practices and defend its users
Created in 2018 following the Cambridge Analytica scandal, Jumbo Privacy is a mobile application that allows its users to regain control over their online data and know how it is used. Accustomed to platforms for which data collection is vital (Facebook, Instagram, LinkedIn, Amazon, etc.), the company was nonetheless surprised by the cumbersome steps required to obtain a still very incomplete answer from Clearview AI
Faced with this situation, Jumbo Privacy has decided to act and take the fight to the relevant authority. Zoé Vilain, Chief Strategy Officer, Chief Privacy Officer and VP Europe of Jumbo Privacy therefore filed this week a formal complaint before the French Data Protection Authority, the CNIL, in order to put Clearview AI under the spotlight and to be able to properly defend the privacy of its users against this kind of illegal practices.
"Faced with illegal practices which potentially impact all citizens of the European Union, without their being aware of it, it appears to us essential that the Data Protection Authority becomes aware of the nature of Clearview AI’s activity and decides firmly and quickly on the necessary measures required to put an end to these acts and safeguard the interests of the public.
The European Data Protection Board (EDPB) already declared a few weeks ago that the use of a service like Clearview AI by the police authorities in the European Union might, in the current state, not be compatible with the European data protection regime. But much more fundamentally, we are dealing here with a company that built its entire activity on the illegal exploitation of personal data and while it should be easy for everyone to protect their privacy on a daily basis, this has become clearly impossible when dealing with companies like Clearview AI."