Can't the government already do the same using images from identity cards, passports, etc.? Is the problem mainly because it's a private company doing it? I genuinely want to better understand this issue.
Yes, the problem is that a private company doing it against data privacy regulations in the EU; collecting personally identifiable information and biometrics is regulated through the GDPR, the article clearly states the issue:
> The Dutch agency said that building the database and insufficiently informing people whose images appear in the database amounted to serious breaches of the European Union's General Data Protection Regulation, or GDPR.
It isn't shocking that an American company would run into issues like this in the EU as it is one of the fundamental differences between American and European society. By and large, Europeans would rather this type of thing be in the hands of the government over a private company while Americans would prefer the reverse.
> By and large, Europeans would rather this type of thing be in the hands of the government over a private company while Americans would prefer the reverse.
Well, you can vote for politicians that align with your values. The American replies: you can vote with your wallet.
I'd like to see a company like Clearview get boycotted away. It has few customers that pays well and the citizens that they subject to violations are not their customers and have no say.
Also, Re: vote with your wallet. The fact that the richest gets the most ballot papers is not so democratic.
I mean, I think many people would rather that this was in the hands of _neither_, tbh.
The AI Act (note that this fine was under prior legislation, not the rather new AI Act) bans this except for specified national security purposes, but I'd certainly have preferred to see it ban it entirely.
> "Clearview AI does not have a place of business in the Netherlands or the EU, it does not have any customers in the Netherlands or the EU, and does not undertake any activities that would otherwise mean it is subject to the GDPR," he said.
what limits do we place on countries randomly being able to make supranational claims like this? do you want every online business checking the passport of their customer? because sure this case is fine but its a pretty dangerous precedent to accept without limits. for all its good intentions, GDPR has also resulted in cookie banner spam on the rest of us.
as with all government power - u may be fine when its used against things you dont like, but try to imagine when its used to against things you do...
> do you want every online business checking the passport of their customer?
Is the business selling to a EU citizen? If so they have to deal with the rights that citizen has.
If a company in some fictitious jurisdiction where fraud is not a crime defrauds an American citizen, should they not face American justice for it? It might be they don't have legal representation in the USA but that shouldn't stop an American citizen on bringing the issue to authorities to deal with.
It's not random, if you make business with someone in the EU or deal with the information of someone in the EU then you need to follow EU's regulations. Can't do that? Don't deal with EU's citizens data or business, it's pretty simple.
I really don't think this is a hard concept to grasp.
If you run a company in a foreign country, then the laws of that country apply of course. Why should it be different just because they have scraped internet data containing images of Euroepeans? If that's legal in the home country of the business (as it would in, say, America) then its none of the EU's business.
Imagine the reverse, if China was fining European companies for not censoring CCP-offensive terms on the internet. Or America was fining them for dealing with US-blocklisted entities like Iran.
> If that's legal in the home country of the business (as it would in, say, America) then its none of the EU's business.
The data pertain to EU's citizens, that is covered under the GDPR, if your business deal with private data from EU's citizens you are under the GDPR even if you don't operate in the EU (such as the case of Clearview). Of course, without an office/representation in the EU it's impossible for the EU to collect the fines and apply other punishments, still the business will be judged under the terms of the GDPR in the EU.
It's the business of the EU since the data is from EU's citizens. Like I mentioned before, if a business was defrauding people (i.e.: identity theft) in the USA while operating outside of the USA, the American justice system has all the prerogative to defend its citizens rights even if it wasn't possible to stop the operation, collect fines, etc. There would be an investigation, there would be a prosecution and eventual punishment. Depending on how egregious the rights violating behaviour was it could escalate into the international sphere.
It's the same case here, Clearview AI is processing private data from EU's citizens even if outside of the EU it is against EU laws.
> Or America was fining them for dealing with US-blocklisted entities like Iran.
The USA does punish companies outside of the USA for dealing with US-blocklisted entities, how the hell do you think sanctions work? Why do you think most of the world avoid dealing with Iran, North Korea, etc.?
Clearview has been targeted before by other DPAs in the EU [0][1][2][3][4].
I think there is merit to both side of the argument here.
On the one hand, yes, each nation can stick to their lane. Who is to say their rules and culture and regulations are "correct". Undefined. That another nation may well believe themselves to be the correct one. Under that principle it's wrong to go nosing about other nations. The example of CCCChinaCCCP's arm reaching out censorship wise was made here.
On the flipside, the defending of one's nation's citizens against foreign obnoxiousness is well reasonable. For example, if USA did a better job defending against scammers from India, I think we'd all be happier for it. Now, is India right/correct in believing spam calling is a god given human right to be embedded into their own bill of rights? I don't know, but what I do know is US citizens would be happier if US defended there interests here, as the EU is doing for his citizens.
So does that mean it’s intelligence services never get a face match done ?
How would you know if they have no customers here, do you think their intelligence services would tell you ? In the past the head of Dutch intelligence lied to the government about mass surveillance. Even if it was true, guaranteed they would simple send their photos to American counterparts to run.
> what limits do we place on countries randomly being able to make supranational claims like this?
Randomly? EU or other nations act because their citizens have their rights violated. I assume Clearview has collected Dutch faces en masse and thereby violated laws.
Obey by GDPR or don't deal with the data of EU citizens.
Okay I get it now, GDPR.
But is it bad if it is used to catch criminals ?
What's a potential misuse of that technology ?
Maybe I watched too much of Person Of Internet...
even without tech, justice system is already ruining people's lives unjustly. so maybe we have to discuss failure rate, processes in place to correctly use the tech, instead of just saying it has to be bad ? the question is will the tech help ruin more people lives that was already the case or not or improve the odds in some cases even
> even without tech, justice system is already ruining people's lives unjustly
Sure, but as with a lot of this stuff, this allows that to be done _at scale_. "[bad thing] happens anyway" isn't a great argument against "we should ban this thing where [bad thing] is likely to happen at massive frequency".
meanwhile police departments are already using that around the world, and they seem conscious about the limitations, and not using it as a 100% accuracy tool.
"Assistant Chief of Police of Miami, Armando Aguilar, said in 2023 that Clearview's AI tool had contributed to the resolution of several murder cases, and that his team had used the technology around 450 times a year. Aguilar emphasized that they do not make arrests based on Clearview's matches alone, and instead use the data as a lead and then proceed via conventional methods of case investigation"
That depends on every user of this massive data set to be responsible with it, do you trust that?
If there was a way to read every person's thoughts in public spaces to deal with crime, so that you could know exactly who is guilty of a crime, or preparing to commit a crime beforehand, would that be a technology you'd support?
Data privacy is important, our collective rights are more important than helping the police to increase their rate of solving crimes.
>> even without tech, justice system is already ruining people's lives unjustly
>Sure, but as with a lot of this stuff, this allows that to be done _at scale_.
EXACTLY. The US wastes over 8 billion dollars a year inefficiently ruining peoples' lives and burning tax dollars. With the advent of facial recognition AI software, we can ruin lives 90% more efficiently at three times the scale!
then you should not ask "what is a possible misuse of this [facial recognition to catch criminals] technology?" but some more nuanced question
As for the rest of your argument, even if we take as a given that there is cases where facial recognition could be helpful, I'd say that if a company can't be trusted not to illegally develop their products it can hardly be trusted to respect strict standards when their products are in use
