A proposed class action lawsuit filed against Clearview AI, Inc. claims the surveillance company’s database containing “billions” of data points on private citizens was constructed in violation of the Illinois Biometric Information Privacy Act (BIPA). According to the case, Clearview and co-defendant contractor CDW Government LLC failed to obtain a written release from Illinois residents, as well as adhere to several of the BIPA’s other requirements, before collecting, selling and leasing their sensitive data to be used by “the highest bidder.”
Featured in a recent New York Times article, Clearview AI, the case explains, has built what’s been described as a “dystopian surveillance database” from photographs and personal data, including names, addresses, and employment information, “scraped” from publicly available internet-based platforms such as Facebook, Instagram, and Twitter. After scraping the data, the suit says, Clearview will run each photo through facial recognition software to extract sensitive biometric data that can be matched to each face that appears in the picture. According to the lawsuit, Clearview and third-party CDW have provided the software to government agencies, including the Chicago Police Department, for law enforcement purposes. The case claims, however, that the software essentially allows any user to upload a photo to the database and identify “any private citizen,” allowing individuals to be identified with relative ease.
“In short,” the complaint reads, “anyone with access to the database, including any employee of Clearview, or reseller of the database, or end-user can upload a single photo and identify the person in real-time. A single picture on the internet means that any private citizen can immediately be identified and tracked.”
The lawsuit, which was filed only a day before Google was hit with a similar BIPA case, argues that Illinois residents never provided consent for their biometric information to be collected and used by the defendants. In fact, the subjects of the photos in Clearview’s database were never so much as told that their private information was being “scraped” from the internet, nor informed of the purpose and length of time for which their data would be stored, the suit alleges. Moreover, Clearview and CDW, according to the lawsuit, have never published a publicly available retention policy detailing how and when private citizens’ data would be destroyed. Instead, the companies have allegedly sold and leased the data to third parties without consumers’ consent—all in violation of the BIPA, the lawsuit claims.
The case alleges the defendants’ conduct is especially egregious given the database’s level of exposure. The suit claims Clearview and CDW employees have “unrestricted access” to the information, and can even monitor law enforcement’s use of the database. “This is not a reasonable standard of care in industries that involve highly private databases of sensitive information,” the complaint scathes.
The case claims that the defendants deliberately hid their data collection practices from Illinois residents, including the plaintiff, in order to profit off consumers’ private data regardless of any harm caused. From the complaint:
“Clearview intended for Illinois residents to be unaware of their covert data harvesting operation, knowing that if they were aware, they would take steps to protect their personal and private data. . . Once Plaintiff became aware of Clearview’s database and the likelihood they were included in it, they were harmed by the invasion of their privacy, the anxiety and fear from being included in the surveillance database without their knowledge and consent, and by having to pay for an attorney to file and litigate this suit to have their data removed from the database.”
The lawsuit looks to cover any former or current Illinois residents whose biometric information was stored in Clearview’s database.
The full complaint can be read below.
Want more news on biometric privacy class actions? Subscribe to ClassAction.org's newsletter here.