Upon news in the media of the Swedish Police Authority using the application Clearview AI for facial recognition the Swedish Authority for Privacy Protection (IMY) initiated an investigation against the Police.
The investigation concludes that Cleaview AI has been used by the Police on a number of occasions. According to the Police a few employees have used the application without any prior authorisation.
IMY concludes that the Police has not fulfilled its obligations as a data controller on a number of accounts with regards to the use of Clearview AI. The Police has failed to implement sufficient organisational measures to ensure and be able to demonstrate that the processing of personal data in this case has been carried out in compliance with the Criminal Data Act. When using Clearview AI the Police has unlawfully processed biometric data for facial recognition as well as having failed to conduct a data protection impact assessment which this case of processing would require.
– There are clearly defined rules and regulations on how the Police Authority may process personal data, especially for law enforcement purposes. It is the responsibility of the Police to ensure that employees are aware of those rules, says Elena Mazzotti Pallard, legal advisor at IMY.
IMY imposes an administrative fine of SEK 2,500,000 (approximately EUR 250,000) on the Police Authority for infringements of the Criminal Data Act. IMY also orders the Police to conduct further training and education of its employees in order to avoid any future processing of personal data in breach of data protection rules and regulations.
In addition the Police is ordered to inform the data subjects, whose data has been disclosed to Clearview AI, when confidentiality rules so allows. Finally the Police are ordered to ensure, to the extent possible, that any personal data transferred to Clearview AI is erased.
For further information, please contact
Legal Advisor Elena Mazzotti Pallard : +46-8-657 61 72
Press Office: +46-8-515 15 415