Back to Articles
Compliance

Thirty billion faces: how Clearview AI made compliance the bill at the end of the meal

Clearview AI scraped 30 billion faces from the open internet without asking, then sold the resulting facial-recognition tool to police, private clients and anyone with a credit card. Regulators on four continents have now answered. The fines are the easy part. The harder question is what kind of company decides, in 2026, that consent is someone else's problem.

Ethics of AI Editorial20 January 202611 min read
Thirty billion faces: how Clearview AI made compliance the bill at the end of the meal

Thirty billion faces: how Clearview AI made compliance the bill at the end of the meal

Thirty billion faces. That is how many photographs Clearview AI scraped from the internet without asking anyone's permission.

Facebook photos. LinkedIn headshots. Instagram selfies. Random images from news articles and personal blogs. All of it fed into a facial-recognition system that Clearview then sold to police departments, private companies, and anyone else willing to pay.

The legal response has been devastating. The UK Information Commissioner's Office fined the company £7.5 million. Italy's Garante and France's CNIL each levied €20 million. The Office of the Australian Information Commissioner issued enforcement orders. Investigations continue across other jurisdictions. The company that decided to ignore privacy laws is now drowning in the consequences.

The business model was the violation

Most compliance failures involve companies that had legitimate operations and cut corners somewhere. Clearview is different. Their core product could not exist without breaking the law.

Facial recognition requires faces. Clearview got theirs by scraping social media platforms that explicitly prohibit scraping. Every photo they collected violated someone's terms of service. But terms of service were the least of their problems.

Under the EU's General Data Protection Regulation, biometric data is a 'special category' requiring explicit consent. Clearview had no consent from the billions of people in their database. Under Australia's Privacy Act, companies must tell people when collecting their information. Clearview told no one. Under Illinois' Biometric Information Privacy Act, you need written permission before capturing biometric identifiers. Clearview asked no one.

The violations were not incidental to the business. They were the business.

The defence that didn't work

Clearview's lawyers argued that publicly available photos were fair game. If you posted it online, their logic went, you cannot complain when someone uses it.

It is worth taking that argument seriously for a moment, because at first hearing it sounds reasonable. The internet is, by design, public. Photos are uploaded to platforms whose entire business model is that other people will see them. A user who posts a selfie to a public Instagram account has, in some everyday sense, accepted that strangers will look at it. From there it is a short conceptual step to: a system that looks at it counts as another stranger.

Regulators disagreed, and the reason matters. The UK Information Commissioner's Office put it plainly: just because something is accessible does not mean it can be processed for any purpose. You can see someone's face in public. That does not give you the right to photograph them, store their image indefinitely, and sell the ability to identify them to anyone who pays.

Privacy is not just about whether information can be accessed. It is about what you do with it and whether people consented to that use. Clearview's argument essentially claimed that privacy protections evaporate the moment data becomes visible online, which would, taken to its conclusion, mean privacy law applies only to information no one has ever seen. No regulator on any of the four continents enforcing against Clearview accepted that interpretation. They were not even close.

The scale of exposure

Consider what Clearview's database enables. Upload a photo of anyone (a stranger on the street, an ex-partner, a political activist) and the system returns matches from its 30 billion images. Names. Social media profiles. Workplace information. Enough to identify almost anyone and track down details about their lives.

Law enforcement found obvious applications. So did stalkers, domestic abusers, and anyone else who wanted to identify and locate a stranger from a single photograph.

Clearview insists they only sold to vetted clients. But once the technology exists and the database is compiled, controlling access becomes a game of whack-a-mole. Employees have sold access inappropriately. Hackers have targeted the company. The 'we only sell to the good guys' defence does not work when you have built a tool that bad actors desperately want.

The compliance infrastructure that didn't exist

What would compliance have looked like for a facial-recognition company? Start with the basics.

Before collecting any data, map the applicable regulations. GDPR covers EU residents wherever their photos appear. BIPA applies to Illinois residents. Australia's Privacy Act protects Australians. A database scraped from the global internet is subject to overlapping and often conflicting requirements across dozens of jurisdictions.

Clearview apparently did none of this mapping. They collected everything and sorted out legal questions never.

Then consider consent. Under most privacy frameworks, biometric data requires affirmative permission. That means asking each person in your database if their face can be used for identification purposes. For 30 billion faces, that is obviously impossible.

Which is precisely the point. A compliant facial-recognition database would be much smaller. It would include only people who agreed to be included. It would offer opt-out mechanisms. It would respect deletion requests. The product Clearview sold could not exist within legal boundaries, so they simply ignored those boundaries.

The technical choices were ethical choices

Privacy is not just a legal box to tick. The technical architecture of Clearview's system reflects ethical choices about how to treat people.

They built a system designed to make deletion nearly impossible. Photos scraped from the internet do not come with contact information, so people in the database cannot easily request removal. Even if they could, Clearview's architecture was not designed to honour such requests efficiently.

They built a system with minimal audit trails. Who accessed whose face? For what purpose? These questions are hard to answer after the fact, which is convenient when regulators come asking.

They built a system optimised for maximum data collection rather than minimum necessary data. Every face available online was harvested because more data meant a better product, privacy implications be damned.

These were engineering decisions. They were also ethical decisions. The technology could have been built differently. It was not.

Who loses

It is easy to read Clearview's fines as a story about one company being punished. The fines are real, and they sting. But the people the regulators are protecting are mostly not in any of the press releases.

The people in the database. Roughly 30 billion images means most adults with any meaningful internet presence are in there, with no consent given, no notification received, and no usable mechanism to get out. The harm here is not theoretical. It is the elimination of the everyday assumption that being photographed at a wedding, or appearing in the background of a news article, does not enrol you in a permanent identification system that can be queried by anyone Clearview decides is a customer. That assumption is gone, and no one was asked.

Survivors of stalking and domestic abuse. For someone who has changed their name, moved cities, and worked to disappear from a person who hurt them, universal facial identification is not a feature. It is a re-exposure. A single photograph (snatched at a school pick-up, lifted from a friend's social media, taken from a CCTV still) is now potentially enough to find them. Regulators have repeatedly cited this category of harm in their reasoning. Clearview's customer-vetting story is cold comfort to anyone whose ex-partner knows a private investigator.

The legitimate facial-recognition vendors. Companies that built consent-based products with deletion workflows, audit trails, and jurisdictional carve-outs now have to spend their first sales meeting explaining how they are not Clearview. Capital that might have backed careful operators flows to easier categories. Procurement officers at councils and agencies, burned by the headlines, draw the perimeter of what is acceptable so widely that responsible products get caught inside it. The bad actor poisoned the well, and the well was already shallow.

None of this is the story of one company being fined. It is the story of a market being deformed because one operator decided the law did not apply to it.

What compliance-first would have looked like

Imagine a different company. Same technology, different values.

They would have started by mapping every jurisdiction where their technology might apply. Not to find loopholes, but to understand requirements. They would have built consent mechanisms from the beginning: perhaps an opt-in database of people who chose to be identifiable, or a focus on closed environments like secure buildings where everyone entering agrees to facial recognition.

They would have designed for deletion. When someone wants their face removed, the system should make that easy and verify it happened. They would have implemented audit trails showing who searched for whom and why. They would have restricted access to verified clients with legitimate purposes and maintained those restrictions.

Such a product would be smaller. Less powerful. Less profitable, at least initially. But it would still exist. It would not be drowning in fines. And it would not have become the poster child for surveillance capitalism.

The canary, not the catastrophe

Clearview is not the catastrophe. As corporate disasters go, a company being fined into the tens of millions across half a dozen jurisdictions is unusual but survivable. The catastrophe, if it comes, is the next twenty companies that read the Clearview file and learned the wrong lesson.

The signal worth reading is what the Clearview enforcement actually demonstrates about the regulatory landscape. For most of the 2010s, privacy regulators were treated by the AI industry as overwhelmed bureaucrats with no enforcement capacity, and there was a fair amount of evidence for that view. That period is over. The UK Information Commissioner's Office, Italy's Garante, France's CNIL and the Office of the Australian Information Commissioner are now coordinating, comparing case files, and reaching consistent conclusions across legal traditions that historically did not talk to each other. The EU AI Act adds a new layer by classifying real-time biometric identification in public spaces as 'unacceptable risk', which is a phrase with operational consequences.

What this means for any company still operating on 'ask forgiveness rather than permission' is that the window they think is still open has been closing for some time. The Clearview enforcement is not a one-off. It is a stress test of cross-border privacy enforcement, and the regulators passed. The companies that have read the headlines as 'one bad actor got caught' have read them wrong. The headline is 'four jurisdictions just demonstrated they can act in concert against a US-domiciled AI company that does not have to be in their country to be on the hook'. Anyone betting their compliance posture on regulator inertia is betting against a trend that has already turned.

Compliance is the floor, not the ceiling

The Compliance pillar of responsible AI is the one most often dismissed as paperwork. It is treated as the lawyers' department: a hurdle the engineers route around, a cost centre, a check at the end of the build. Clearview is what happens when an entire company internalises that view.

The point of privacy law is not to slow down innovation. It is to make explicit a set of relationships (between a company, the people whose data it touches, and the public it operates in) that would otherwise be settled silently in the company's favour. GDPR did not invent the idea that biometric data is sensitive. BIPA did not invent the idea that you ought to ask before capturing someone's face. Australia's Privacy Act did not invent the idea that you tell people when you are collecting their information. The laws codified intuitions that already existed, in language a court can enforce.

A company that treats those laws as obstacles is signalling something about everything else it does. If consent is optional here, what else is optional? If a regulator's letter is something to litigate rather than answer, what does the company do when a journalist asks the same question? If the engineering choices are made to frustrate deletion requests, what is the rest of the codebase optimised for?

This is the part the Clearview file makes inescapable. Compliance is the floor, not the ceiling. A company that cannot clear the floor is not a company that has found a clever new business model. It is a company that has told you, in the most legible way available, what it thinks of the people on the other side of its product.


Sources: UK Information Commissioner's Office enforcement notice and £7.5 million monetary penalty against Clearview AI; Italian Garante per la protezione dei dati personali €20 million sanction; Commission nationale de l'informatique et des libertés (CNIL, France) €20 million sanction; Office of the Australian Information Commissioner determination and enforcement orders; Illinois Biometric Information Privacy Act (BIPA); EU Artificial Intelligence Act, Article 5 prohibitions on real-time remote biometric identification.

Tags:compliancecase studyprivacybiometric datacross-border enforcement