Facial recognition in police hands: Assessing the ‘Clearview case’ from a European perspective

Since 2019, over 600 law enforcement agencies across the United States have started using a ground-breaking facial recognition app designed by Clearview AI, a tech start-up which now plans to market its technology in Europe. While the Clearview app is an expression of the wider phenomenon of the repurposing of privately held data in the law enforcement context, its use in criminal proceedings is likely to encroach on individuals’ rights in unprecedented ways. Indeed, the Clearview app goes far beyond traditional facial recognition tools. If these have been historically limited to matching government-stored images, Clearview now combines its technology with a database of over 3 billion images published on the Internet. Against this background, this article will review the use of this new investigative tool in light of the EU legal framework on privacy and data protection. The proposed assessment will proceed as follows. Firstly, it will briefly assess the lawfulness of Clearview AI’s data scraping practices under the General Data Protection Regulation (GDPR). Secondly, it will discuss the transfer of scraped data from Clearview AI to EU law enforcement agencies under the regime of the Police Directive 2016/680/EU (the Directive). Finally, it will analyse the compliance of the Clearview app with Article 10 of the Directive, which lays down the criteria for lawful processing of biometric data. More specifically, this last analysis will focus on the strict necessity test, as defined by the Charter of Fundamental Rights of the European Union (the Charter) and the European Convention of Human Rights (ECHR). Following this assessment, it will be argued that the use of Clearview’s app in criminal proceedings is highly problematic in light of the EU legislative framework for both privacy and data protection.