While other countries issued fines, Canadian privacy commissioners find themselves issuing strongly worded letters to Clearview AI.
The continuing running joke about Canadian privacy laws is continuing. This time, it revolves around how they are dealing with facial recognition surveillance company, Clearview AI. Earlier, privacy commissioners in Canada issued a strongly worded letter to Clearview AI. In that letter, they made a number of recommendations for that company in the wake of successive scandals. Apparently, the company chose to simply ignore the letter. After all, why not? There aren’t any consequences for ignoring such letters in the first place.
In response, the privacy commissioners used their next tool in their toolbox: issuing another strongly worded letter. From the Cranbrook Townsman:
The order came down on Tuesday (Dec. 14) from McEvoy’s office and follows “the company’s refusal to comply with recommendations made in the investigation report by the Privacy Commissioner of Canada,” along with their B.C. and Alberta counterparts.
Clearview AI’s technology allows for the collection of huge numbers of images from various sources that can help police forces, financial institutions and other clients identify people.
The ruling requires Clearview AI to, by Jan. 25, 2022, stop offering its facial recognition services that involve the collection and use of images and biometric facial arrays collected from B.C. residents without their consent to clients in the province; to cease the collection, use and disclosure of images and biometric facial arrays collected from individuals in B.C. without their consent; and to delete the images and biometric facial arrays it already has.
This moment marks the commissioners “stop or I’ll say stop again” moment. To be fair, it’s not the commissioners fault. They are using every tool they have in the toolbox. Unfortunately, when all your tools are writing utensils and a pad of paper, you are already in for a losing battle in the first place. Observers have been calling for real privacy reform for years. This especially in the wake of Europe getting their act together and bringing into force their own privacy law reforms clear back in 2018.
After the Innovation Minister said that it was his top priority during the last government, privacy reform died on the orderpaper with only the most minimal amounts of legislative movement as possible. In response, after the last election, the Innovation Minister, once again, said that privacy reform was his top priority, but that Canadian’s can wait until sometime next year before any movement can happen. So, privacy reform that might finally put an end to this long-running joke continues to be just around that corner, past that thing, just over that next hill, etc.
This basically says that the government knows that privacy reform is important enough to pretend to care, but they don’t necessarily care to actually put a whole lot of effort to make such reforms a reality. After all, we’ve been waiting for nearly 5 years for this and all we can say about it is that we are still waiting.
While Canadians are waiting, other countries are actually taking action. In the UK, the company faces a £17 million fine. From the BBC:
An Australian firm which claims to have a database of more than 10 billion facial images is facing a potential £17m fine over its handling of personal data in the UK.
The Information Commissioner’s Office said it had significant concerns about Clearview AI, whose facial recognition software is used by police forces.
It has told the firm to stop processing UK personal data and delete any it has.
Clearview said the regulator’s claims were “factually and legally incorrect”.
The situation of corporations flat out ignoring strongly worded letters from privacy commissioners is far from being uniquely happening with Clearview AI. During the Cambridge Analytica scandal, Canadian privacy commissioners issued a strongly worded letter with recommendations about how Facebook would move forward. Facebook, in turn, effectively ignored that letter. When the commissioners issued another strongly worded letter, pointing out that Facebook failed to comply, Facebook simply said that they disagreed with the findings, seemingly closing the case for the commissioners. The commissioners, in turn, stepped out of their roles and sued Facebook as private citizens because their legal options as commissioners had been exhausted.
What this shows is that corporations are increasingly learning that they are largely free to flip the bird to the commissioners. Lawsuits from private citizens aside, there really isn’t any consequences for violating the privacy of Canadians. So, if they want to abuse Canadian’s personal information, what is there to stop them?
The situation is so obviously broken, even larger Canadian outlets are starting to realize just how broken privacy laws are. While on the topic of surveillance capitalism, the CBC mentions that there is a growing consensus that the laws need reforming:
The federal privacy watchdog is warning Canadians about the growing threat of “surveillance capitalism” — the use of personal information by large corporations.
In his annual report tabled Thursday in Parliament, Privacy Commissioner Daniel Therrien said state surveillance — a major concern after the 9/11 terrorist attacks — has been reined in somewhat in recent years.
Personal data, meanwhile, has emerged as a highly valuable asset and no one has leveraged it better than the tech giants behind web searches and social media accounts, he said.
“Today, the privacy conversation is dominated by the growing power of tech giants like Facebook and Google, which seem to know more about us than we know about ourselves,” the report said.
“Terms like surveillance capitalism and the surveillance economy have become part of the dialogue.”
At a news conference, the commissioner said he agreed with the intention behind the previous legislation — which died at the federal election call. The bill was intended to give organizations greater flexibility to use personal information, even without consent, if done for legitimate business interests.
“But this should be done within a rights-based framework that recognizes the fundamental right to privacy. Greater flexibility for corporations should come with greater corporate accountability,” he said.
What’s needed is not more self-regulation but true regulation, meaning objective and knowable standards enforced by the privacy commissioner’s office, Therrien said.
“When we look at the experience of other countries that are innovators that are ahead of Canada, places like South Korea and Germany but many others, they do that within laws that protect privacy as a human right.”
While we’ve been pointing out this situation for years, it’s nice to see that more are finally starting to catch on to just how bad things are in Canada. While it helps that more are aware of the long-running joke about Canadian privacy laws, it all still boils down to government action. Right now, the federal government only finds it worthwhile to pay lip service to the issue – only to proceed to do nothing about it. While we can only hope that this second round will yield different results, we have every reason to be skeptical at this stage considering what happened last time.
Drew Wilson on Twitter: @icecube85 and Facebook.
