RCMP use of facial recognition technology violated privacy laws, investigation finds
The RCMP’s use of controversial third-party facial recognition technology was a serious violation of Canadian privacy laws, according to a new investigation.
Privacy Commissioner Daniel Therrien tabled a report in Parliament Thursday morning after investigating the National Police’s use of the US-based Clearview AI software.
He ruled that by using the tools of this third party, the RCMP violated the section of the Privacy Act which specifies that no personal information may be collected by a government institution “unless it is is not directly linked to a program or to an operating activity of the institution ”.
“The use of facial recognition technology by the RCMP to search huge repositories of innocent Canadians for suspected crime is a serious breach of privacy,” said Therrien.
“A government institution cannot collect personal information from a third party agent if that third party agent has collected the information illegally.”
RCMP initially denied using Clearview AI
Concerns about the company Clearview AI escalated last year after a New York Times investigation found that the software had pulled more than three billion photos from public websites like Facebook and Instagram. He then turned them into a database used by more than 600 law enforcement agencies in the United States, Canada and elsewhere.
The RCMP initially denied using Clearview AI, but confirmed last year that they had used it following reports of the company’s customer list hacked.
At the time, the force vaguely recognized that “a few units of the RCMP” were using technology to “enhance criminal investigations” – which could refer to almost any section of the RCMP.
“We are concerned about the RCMP’s willingness to repeal its responsibility to respect the privacy rights of Canadians and to accept general assertions from a private company without any attempt at validation,” the report notes.
Clearview AI has since ceased offering its services in Canada. Although Therrien says the RCMP are no longer using it, he remains concerned that the force disagreed with its finding that it was in violation of the Privacy Act.
“Although the Office of the Privacy Commissioner maintains that it was the RCMP’s responsibility to ensure that the database it was using was legally compiled, the RCMP argued that this would create an unreasonable obligation and that the law does not expressly impose the obligation to confirm the basis of the collection of personal information by its partners in the private sector, ”the report notes.
CBC News has asked the RCMP for comment.
Better controls of personal data are needed, according to Therrien
The report also found that the RCMP did not have appropriate systems in place to track, identify, assess and control this type of personal information.
He recommends that within a year the RCMP improve its policies, systems and training, which the force has agreed to do.
A February report from Therrien and three other privacy commissioners found that Clearview AI created significant risk to individuals by allowing law enforcement and businesses to compare photos against its database. of over three billion images, including Canadians and children.
He called on governments to strengthen federal and provincial privacy laws after discovering Clearview AI violated Canadian privacy laws by collecting photos of Canadians without their knowledge or consent .