Can't the government already do the same using images from identity cards, passports, etc.? Is the problem mainly because it's a private company doing it? I genuinely want to better understand this issue.
Yes, the problem is that a private company doing it against data privacy regulations in the EU; collecting personally identifiable information and biometrics is regulated through the GDPR, the article clearly states the issue:
> The Dutch agency said that building the database and insufficiently informing people whose images appear in the database amounted to serious breaches of the European Union's General Data Protection Regulation, or GDPR.
It isn't shocking that an American company would run into issues like this in the EU as it is one of the fundamental differences between American and European society. By and large, Europeans would rather this type of thing be in the hands of the government over a private company while Americans would prefer the reverse.
> "Clearview AI does not have a place of business in the Netherlands or the EU, it does not have any customers in the Netherlands or the EU, and does not undertake any activities that would otherwise mean it is subject to the GDPR," he said.
what limits do we place on countries randomly being able to make supranational claims like this? do you want every online business checking the passport of their customer? because sure this case is fine but its a pretty dangerous precedent to accept without limits. for all its good intentions, GDPR has also resulted in cookie banner spam on the rest of us.
as with all government power - u may be fine when its used against things you dont like, but try to imagine when its used to against things you do...
Okay I get it now, GDPR.
But is it bad if it is used to catch criminals ?
What's a potential misuse of that technology ?
Maybe I watched too much of Person Of Internet...
If identification of dutch citizens are a part of the product for services rendered by Clearview AI, they should be punished severely for this. Same goes with any country, or person, who doesn't want to be a part of their scheme.
Since they don't operate directly in the EU, there is not much else they can do aside from collaborating with other countries DPAs to ban any EU company from integrating with them (per the article currently only companies in the Netherlands are banned).
Even the fine itself is a bit problematic because it looks like unenforceable as they don't operate in the EU thus not subject to EU law.
However if it were to be discovered that the user images where not only retrieved by scrapping publicly available information, but involved data brokerage or other forms of personal information selling all those involved throughout that chain could be fined.
I think one day we will look back on this era, and think it is crazy that so much crime was committed in public and caught on video, and yet the government would usually not be able to take any action. They wouldn't be able to figure out who it was, and they wouldn't be able to find the criminal.
One day all of these things will be taken for granted because we will capture more and more video of public spaces, and AI facial recognition will be more accurate than human facial recognition.
>[Clearview Chief Legal Officer] Mulcaire said in his statement that Clearview doesn't fall under EU data protection regulations.
>"Clearview AI does not have a place of business in the Netherlands or the EU, it does not have any customers in the Netherlands or the EU, and does not undertake any activities that would otherwise mean it is subject to the GDPR," he said.
-------------
>The Dutch agency said that building the database and insufficiently informing people whose images appear in the database amounted to serious breaches of the European Union's General Data Protection Regulation, or GDPR.
> "Facial recognition is a highly intrusive technology, that you cannot simply unleash on anyone in the world," DPA chairman Aleid Wolfsen said in a statement.
> "If there is a photo of you on the Internet — and doesn't that apply to all of us? — then you can end up in the database of Clearview and be tracked. This is not a doom scenario from a scary film. Nor is it something that could only be done in China," he said.
-----------------
If you're pulling data from European Citizens from all over the internet, I'd imagine that the EU does get a say (since it's literally data processing of EU citizen data). I'd also expect that the EU could just make one of the other upstream suppliers of Clearview data responsible for enforcement.
Clearview is a perfect example of how to avoid EU-nexus. They don't have any corporate presence, employees, assets, or customers in the EU. They are even careful to only pull photos from US based servers. Because they only do facial matching on photos, they have no idea if someone is or is not an EU citizen.
To seek any sort of judgement or criminal charge against them the EU would need to find an applicable law in the US that covers the activity.
While some people might be upset because GDPR isn't a stick they can use to beat Clearview with, this legal framework is the same that allows you to post material critical of the Chinese government without facing financial penalties or extradition.
Why is the burden of proof on the users? Why shouldn't the burden of proof be on Clearview? They should be required to know that a person is in a place they can legally operate before doing so.
The Netherlands created an intelligence agency called the RIEC deliberately without a human representative so the whole organisation cannot be taken to court. And this organisation actively works against the rights of its citizens with impunity. The attorney general himself even said that their prosecutors can lie in court without being prosecuted for perjury. It’s a joke that this country pretends to be upset with clearview.
> Clearview AI does not have a place of business in the Netherlands or the EU, it does not have any customers in the Netherlands or the EU, and does not undertake any activities that would otherwise mean it is subject to the GDPR
That’s cute. I wonder where all the faces are coming from.
The US and UK governments already claim international jurisdiction in some cases - I hope the EU starts doing to protect their citizens against this sort of thing.
Readit News
The full PDF with the investigation results e.a. as sent to clearview: https://www.autoriteitpersoonsgegevens.nl/en/system/files?fi...
> The Dutch agency said that building the database and insufficiently informing people whose images appear in the database amounted to serious breaches of the European Union's General Data Protection Regulation, or GDPR.
what limits do we place on countries randomly being able to make supranational claims like this? do you want every online business checking the passport of their customer? because sure this case is fine but its a pretty dangerous precedent to accept without limits. for all its good intentions, GDPR has also resulted in cookie banner spam on the rest of us.
as with all government power - u may be fine when its used against things you dont like, but try to imagine when its used to against things you do...
Even the fine itself is a bit problematic because it looks like unenforceable as they don't operate in the EU thus not subject to EU law.
However if it were to be discovered that the user images where not only retrieved by scrapping publicly available information, but involved data brokerage or other forms of personal information selling all those involved throughout that chain could be fined.
One day all of these things will be taken for granted because we will capture more and more video of public spaces, and AI facial recognition will be more accurate than human facial recognition.
Deleted Comment
>[Clearview Chief Legal Officer] Mulcaire said in his statement that Clearview doesn't fall under EU data protection regulations.
>"Clearview AI does not have a place of business in the Netherlands or the EU, it does not have any customers in the Netherlands or the EU, and does not undertake any activities that would otherwise mean it is subject to the GDPR," he said.
-------------
>The Dutch agency said that building the database and insufficiently informing people whose images appear in the database amounted to serious breaches of the European Union's General Data Protection Regulation, or GDPR.
> "Facial recognition is a highly intrusive technology, that you cannot simply unleash on anyone in the world," DPA chairman Aleid Wolfsen said in a statement.
> "If there is a photo of you on the Internet — and doesn't that apply to all of us? — then you can end up in the database of Clearview and be tracked. This is not a doom scenario from a scary film. Nor is it something that could only be done in China," he said.
-----------------
If you're pulling data from European Citizens from all over the internet, I'd imagine that the EU does get a say (since it's literally data processing of EU citizen data). I'd also expect that the EU could just make one of the other upstream suppliers of Clearview data responsible for enforcement.
To seek any sort of judgement or criminal charge against them the EU would need to find an applicable law in the US that covers the activity.
While some people might be upset because GDPR isn't a stick they can use to beat Clearview with, this legal framework is the same that allows you to post material critical of the Chinese government without facing financial penalties or extradition.
That’s cute. I wonder where all the faces are coming from.
Deleted Comment