Facial Recognition and Screen Scraping of Social Media Triggers Global Legal Actions, Lawsuits

By: Lee Rickwood

February 28, 2022

Across Canada and around the world, government legal proceedings and class action lawsuits are underway to fight growing trends in screen scraping − the harvesting of publicly accessible online images by private sector facial recognition companies.

People’s faces are being scraped off the Internet, taken from social media platforms, often if not exclusively without prior or informed consent. As expressed by the Electronic Frontier Foundation, facial recognition technology is “is a special menace to privacy, racial justice, free expression, and information security.”

man's face covered by graphics text overlaysBusinesses that make use of data generated by screen scraping various legal risks associated with the technology, due to the indiscriminate nature of screen scraping. Screen scraping tools can collect images and data from the Internet whether legal protections apply to the information or not, and regardless of terms and conditions of the source website.

Yet despite long-identified social and legal risks, leading face and screen scraping companies are expanding their capabilities and planning additional identification services.

Often the face-scraped facial images and associated screen-scraped data are used as raw material in the development of facial recognition algorithms and software: millions even billions of faces are needed to train and perfect facial recognition program capabilities and the training data sets must be broad enough and inclusive enough so the technology can recognize and identify a wide variety of faces and even emotional situations.

Once so trained, those programs can be used as tools by police and law enforcement, employment and immigration agencies, e-commerce and fintech service providers and many more.

man using face recognition screen

One of the higher-profile facial recognition companies that in many ways is ‘the face’ of the screen scraping controversy these days is Clearview AI, a privately-owned American technology company that boasts it operates the world’s largest facial network.

Having built its collection (said to number in the billions) in part by scraping facial images from popular social media sites like Twitter, Google, Facebook, and LinkedIn, it was soon asked to stop harvesting photos by each of the services.

And following a joint investigation by provincial privacy regulators in Alberta, B.C., and Québec, it was ordered to stop collecting and sharing images, having been found in violation of federal and provincial privacy laws.

“What Clearview does is mass surveillance, and it is illegal,” Privacy Commissioner of Canada Daniel Therrien described at the time. “It is completely unacceptable for millions of people who will never be implicated in any crime to find themselves continually in a police line-up.”

The company was ordered to cease collecting images of residents in those provinces, to delete any such images already collected, and to stop offering facial recognition ­services to Canadian clients.

The company is challenging the order, saying provincial Personal Information Protection Acts do not apply to a U.S.-based company.

But with additional legal proceedings against the company underway in many jurisdictions worldwide, the applicability of local laws may dominate the legal agenda. Europe as a whole and individual countries therein; the U.K., Australia and individual U.S. states are all considering or now taking legal action against screen scraping techniques such as Clearview stands accused.

The European Data Protection Board (EDPB), looking after data protection rules in the European Union, has written that services like Clearview AI are “likely not … consistent with” EU data protection and privacy laws.

The UK’s Information Commissioner’s Office, when announcing that images in Clearview AI Inc’s database may have been gathered without people’s knowledge from publicly available information online, including social media platforms, said it intends to impose a potential fine of nearly $30 million (CDN) on Clearview AI.

In November, Clearview AI was ordered to delete all facial recognition data referring to Australian citizens.sample faces with and without masks on

The first GDPR ruling against Clearview AI was in France. Other legal complaints against the company are still being dealt with in Austria, Italy and Greece. Meanwhile, in the US, Clearview AI is accused of violating the biometric data privacy law in Illinois, and faces class action lawsuits in states like Vermont, New York and California.

Despite this surge of legal action against the company, recent news reports indicate that Clearview AI is on a strong growth curve.

According to a report in the Washington Post, the facial recognition company says it have 100 billion facial photos in its database within a year, enough to ensure “almost everyone in the world will be identifiable.”

Even as some jurisdictions call the practice illegal, the company has nevertheless been awarded a US patent for its identification technology, specifically for its ability “to gather publicly available information from the open [I]nternet (social media sites, mugshots, news sites and more) and then accurately match similar photos using its proprietary facial recognition algorithm.

video surveillance notice sign

The screen scraping of social media platforms for facial images and associated data has become yet another component of a global mass surveillance ecosystem that legislators, privacy advocates and end users are struggling to control or even influence.



Leave a Reply

Your email address will not be published. Required fields are marked *