The use of biometric data has expanded exponentially, from using thumbprints for unlocking phones to voice activation technology. Facial recognition is one of the most controversial uses of biometric data, raising issues of privacy and, in recent years, legality. Last month, Clearview AI faced allegations from top Canadian privacy and security experts claiming that their practices were illegal and violated Canadian law. The issue arose as Clearview AI, a New York-based startup, began collecting biometric data from Canadian citizens without their knowledge or consent. The Canadian government ruled that Clearview AI’s practices qualify as mass surveillance and as such the information of Canadian citizens needed to be deleted from their database.
Clearview AI is insisting that they have not breached Canadian law because the company has no significant ties to Canada, and therefore does not fall under their legal jurisdiction. They have also argued that even if they are beholden to Canadian law, the data they collect is all publicly available. In a statement to The New York Times, Clearview AI said while they ceased their operations in Canada in light of the government investigation, they would not be deleting any data from Canadian citizens unless specifically asked to by the individuals affected. The startup has pointed out that companies like Google are allowed to operate in Canada and use search engines to mine public data in much the same way as Clearview AI.
While legal action such as fines or forcible removal of Clearview AI data remains to be seen, this conflict leads to a much bigger question in a world that is rapidly getting smaller. Technology easily crosses borders as people become more connected than ever before. There is no universally accepted international law regulating AI, security, privacy, or how biometric data can be collected and used. Many countries and states have enacted local laws but their ability to reach beyond their borders when their citizen’s data is extracted is unclear. Even within the USA, there are only a handful of states that have any biometric data laws in place and several of them were only enacted in the past year or two despite how long biometric data has been around. The truth is that local laws simply cannot keep up with the rapid pace at which technology develops as it accumulates and manipulates billions of data points on virtually every person on earth who ever touches a computer keyboard or makes a call on their cell phones.
This all begs simple questions with complex, and perhaps unknown, answers. How can legislators possibly plan for the technology of the future? When there aren’t laws in place to stop morally questionable actions by tech companies, how can citizens be safe? And, even when there are laws in place, how can companies that don’t have ties to the country where the laws were made have action taken against them?
There are no surefire answers, but these sorts of legal questions are only going to arise more and more as technology continues its largely unrestrained advancement and expansion. The best thing you can do, as a world citizen, is monitor and mitigate your own online presence. Be careful about the kind of data you put out to the world. Remember that it is all being stored and just about anyone – good and evil – can collect it and monetize it.