Pay Attention: Clearview AI to Pay Landmark Amount for Collecting Biometric Data Without User Consent by Scraping
Clearview AI to pay approx. $51 million for scraping photos off the web, and training AI. Recently, a US District Court in Illinois granted final approval to a settlement in the Clearview AI consumer privacy litigation, concerning the company’s controversial practices of collecting and storing biometric facial recognition data. This should serve as a reminder that US state privacy laws are as relevant as ever and that their violation may lead to significant penalties.
Background
Clearview AI collected over 10 billion images from public websites and social media without user consent, creating a vast biometric database used for training and operating AI. This raised global privacy concerns and led to multiple lawsuits, particularly under Illinois’ Biometric Information Privacy Act (BIPA), which mandates explicit consent for biometric data collection.
The settlement
Under the approved settlement, Clearview AI will grant a 23% equity stake to affected class members amounting to approximately $51.75 million. This unprecedented equity-based settlement is designed to address Clearview’s financial limitations and ensure class members receive meaningful compensation. Additionally, the settlement introduces a novel governance structure by appointing a “Settlement Master” tasked with protecting class members’ interests, overseeing Clearview’s financial health, and ensuring transparency.
After-effects
The settlement reflects the ever-present relevance of privacy laws and litigation, particularly regarding biometric data and AI in the US. Companies engaged in similar technologies and data practices are advised to closely monitor this precedent, recognizing increased judicial scrutiny and potential financial exposure arising from biometric data collection without explicit consent, as well as other privacy related practices.
Israeli companies operating in or interacting with US markets, particularly those employing biometric and facial recognition technologies or using the scraping of photos and videos for identification, should closely evaluate the implications of this settlement. Increased legal attention, given both in the US and globally to privacy and data protection, may necessitate adjustments to business practices, consent procedures, and compliance frameworks to avoid potential exposure and liability
Key Recommendations
We recommend clients review their biometric, and other personal data collection practices, consent mechanisms, and contractual arrangements to mitigate risks highlighted by this litigation as well as general privacy risks.
For further consultation and to discuss the implications for your business, please reach out to our team.
***
Dr. Avishay Klein is the Head of the Privacy, Artificial Intelligence and Cybersecurity Department.
Masha Yudashkin is a lawyer in the Privacy, Artificial Intelligence and Cybersecurity Department.