Police force does not agree with privacy commissioner's conclusions
The RCMP's use of a controversial, third party facial recognition technology was a serious violation of Canada's privacy laws, says a new investigation.
Privacy Commissioner Daniel Therrien tabled a report to Parliament Thursday morning after investigating the national police force's use of the software from U.S.-based Clearview AI.
He ruled that by using this third party's tools, the RCMP violated the section of the Privacy Act that specifies that no personal information can be collected by a government institution
unless it relates directly to an operating program or activity of the institution.
The use of facial recognition technology by the RCMP to search through massive repositories of Canadians who are innocent of any suspicion of crime presents a serious violation of privacy, Therrien found.
A government institution cannot collect personal information from a third party agent if that third party agent collected the information unlawfully.
RCMP first denied using Clearview AI
Concerns about the company Clearview AI intensified last year after a New York Times investigation revealed the software had extracted more than three billion photos from public websites like Facebook and Instagram. It then turned them into a database used by more than 600 law enforcement agencies in the U.S., Canada and elsewhere.
The RCMP at first denied it used Clearview AI but confirmed last year it had been using it following reports the company's client list had been hacked.
At the time, the force acknowledged vaguely that
a few units in the RCMP had been using the tech to
enhance criminal investigations — which could refer to almost any section of the RCMP.
We are concerned by the willingness of the RCMP to abrogate its responsibility in respecting the privacy rights of Canadians in favour of accepting general assertions of a private company without any attempt at validation, notes the report.
Clearview AI has since stopped offering its services to Canada. While Therrien says the RCMP is no longer using it, he remains concerned that the force did not agree with his conclusion that it contravened the Privacy Act.
While the Office of the Privacy Commissioner maintains the onus was on the RCMP to ensure the database it was using was compiled legally, the RCMP argued doing so would create an unreasonable obligation and that the law does not expressly impose a duty to confirm the legal basis for the collection of personal information by its private sector partners, notes the report.
CBC News has requested comment from the RCMP.
Better personal data controls needed, says Therrien
The report also found the RCMP did not have proper systems in place to track, identify, assess and control this type of personal information.
It recommends that within a year, the RCMP improve its policies, systems and training, which the force has agreed to do.
A February report from Therrien and three other privacy commissioners found Clearview AI created a significant risk to individuals by allowing law enforcement and companies to match photos against its database of more than three billion images, including Canadians and children.
It called on governments to beef up federal and provincial privacy laws after it found Clearview AI violated Canadian privacy laws by collecting photos of Canadians without their knowledge or consent.
Catharine Tunney (new window) · CBC News