Clearview AI turned Facebook photos into a police search engine

Clearview AI did not merely collect photos. It turned ordinary online images — profile pictures, public posts, news photos, social media uploads and other web-facing images — into a searchable biometric index for law enforcement. The company’s story now sits at the center of a much larger fight over AI scraping, facial recognition, police power, biometric privacy and the limits of “publicly available” data.

A police database built from ordinary online life

Clearview AI became known because it did something both technically simple and socially explosive: it copied facial images from the open web, processed them into biometric identifiers, and sold search access to police and government users. Early reporting described a database of more than three billion images. Later reporting put the figure far higher. Business Insider reported in 2023 that Clearview had scraped 30 billion images from Facebook and other social media sites, while Clearview’s own current website markets a law-enforcement database of 70+ billion images.

The scale matters because facial recognition is not just another AI feature. A face is both visible and deeply personal. It is shown in public, attached to identity, and hard to replace. A password can be changed. A face cannot. Clearview’s model converted that permanent human feature into a search key. A police officer could upload an unknown face from a crime scene, a CCTV frame, a phone image or a social media screenshot and receive possible matches linked back to web pages where the person appeared. The Australian privacy regulator described the company’s tool in those terms: users could upload a face image, find other facial images collected from the internet, and follow links to where those photos appeared.

The company presents the tool as an investigative aid. Its website says Clearview AI supports criminal investigations, public defenders, national security and defense, and public safety work. It says the platform is used to identify suspects, witnesses and victims, and to help close cases faster. Critics see something different: a private company created a global face-search system without asking the people whose images made it possible, then offered access to state power.

That gap between investigative lead and mass biometric search engine is the center of the Clearview controversy. The company says it collects public images lawfully and limits access to law enforcement and related users. Regulators and civil liberties groups argue that public visibility does not erase privacy rights, consent duties, biometric protections or the risk of abuse. The dispute is not only about one company. It is a test case for the entire AI economy’s habit of treating the open internet as raw material.

The Facebook connection is only part of the story

The phrase “scraped billions of Facebook photos” captures the public shock, but it does not capture the full technical or legal design. Clearview’s database was not built only from Facebook. Reporting and regulatory findings refer to images from social media platforms, public websites and other online sources. Facebook, Instagram, YouTube, Twitter, LinkedIn, Venmo and other platforms were pulled into the controversy because Clearview allegedly scraped images from places where users posted for social, professional or personal reasons, not for inclusion in a police-search database.

Facebook’s reaction was direct. A spokesperson told Business Insider in February 2020 that scraping people’s information violated its policies and that Facebook had demanded Clearview stop accessing or using information from Facebook or Instagram. By 2023, Meta said Clearview’s actions invaded people’s privacy, that it had banned the founder from its services, and that it had sent a legal demand to stop accessing data, photos or videos from its services.

Clearview’s defense has long turned on a different premise. The company and its executives have argued that its database consists of publicly available images and that collecting such images is lawful. In 2023, Hoan Ton-That told Business Insider that Clearview’s database was lawfully collected and compared the collection to search engines indexing public web pages.

The search-engine comparison is powerful as rhetoric and weak as a complete answer. Search engines index web pages so users can find pages. Clearview indexes faces so users can identify people. The output is not simply a list of pages about a topic. The output is a possible identity match tied to a human being. That shift from page search to person search is the legal and ethical break point.

Facebook, Instagram and similar services were designed around social sharing. Users may have understood that a photo posted publicly could be seen, copied, searched by name, or indexed by conventional web crawlers. Far fewer people would have understood that every visible face in an image could be converted into a biometric template, stored in a private database and made searchable by police years later. That mismatch between user expectations and downstream use is what made the case politically potent.

Scraping is not the same as consent

The Clearview debate often gets stuck on the word “public.” The company’s position depends on the idea that public-facing material can be collected and analyzed. Privacy regulators have rejected that framing again and again, especially when the material is sensitive biometric data. The Canadian privacy commissioners said in 2021 that Clearview’s scraping of billions of images represented mass surveillance and violated Canadians’ privacy rights.

Consent is not a decorative legal concept in biometric systems. It is the mechanism that lets a person decide whether an immutable trait — face geometry, fingerprint, iris pattern, voiceprint — can be captured, stored and used. Illinois’ Biometric Information Privacy Act requires private entities to inform people in writing before collecting biometric identifiers, explain the purpose and length of use, and obtain written release. It also bars private entities from selling, leasing, trading or otherwise profiting from a person’s biometric identifier or biometric information.

Clearview’s model ran in the opposite direction. The people in the photos did not receive individual notice. They did not provide written releases. They often did not know their images had been copied. Their photos may have been public in one setting, but their biometric identifiers were extracted for another setting entirely. The legal question is not only whether a photo could be viewed. It is whether a face could be captured, transformed into biometric data and commercialized for identification.

The Australian Information Commissioner reached a similar point in privacy-law terms. In 2021, the OAIC found that Clearview breached Australians’ privacy by scraping biometric information from the web and disclosing it through a facial recognition tool. The regulator said Clearview collected sensitive information without consent, collected personal information by unfair means, failed to notify people properly, and failed to take reasonable steps to ensure disclosed information was accurate for its purpose.

Those findings cut through a common tech-industry assumption. A company may be able to reach a public image with a crawler. That does not settle whether it may process that image into biometric data. Access is not consent. Visibility is not waiver. A person appearing in public does not automatically authorize every future identification use of their face.

The database grew faster than the law could react

Clearview’s database grew while regulators, courts and platforms were still arguing about what category the activity belonged in. Was it web scraping? Search indexing? Biometric surveillance? A law enforcement vendor service? A privacy violation? An AI training data issue? A consumer protection matter? The answer, as the record now shows, was all of those at once.

The scale moved quickly. The ACLU’s case page says Clearview had captured more than three billion faceprints from online images after the New York Times revealed the company’s system in January 2020. The ACLU of Illinois later described the company as claiming more than 10 billion faceprints when it announced the 2022 settlement. Business Insider reported a 30-billion-image figure in 2023. Reuters reported in 2025 that Clearview said it had collected more than 60 billion images globally. Clearview’s own website now advertises 70+ billion images in its law enforcement database.

This growth curve is not incidental. Facial recognition databases become more useful as they become larger, especially when the goal is open-ended identification rather than verification. A small database can answer the question, “Does this face match one of these enrolled users?” A giant web-scraped database tries to answer a different question: “Who is this person anywhere on the internet?” That turns scale into the product.

Police interest followed the same logic. Axios reported in February 2020 that Clearview’s app was being used to identify suspected criminals by more than 600 law enforcement agencies, including the FBI and the Department of Homeland Security, citing the New York Times. Business Insider later reported Clearview’s claim that U.S. police had accessed the system nearly a million times since the company’s founding, while noting that the number could not be independently confirmed by Insider.

A technology can become operational before it becomes governed. Clearview’s rise shows that sequence in plain form. By the time regulators began issuing deletion orders and fines, the database had already become global, police agencies had already tested or used it, and the company had already positioned itself as a public-safety vendor.

The product turns identity into a search result

A conventional police database usually starts with a state-controlled collection: mugshots, driver’s-license photos, passport images, visa records, missing-person files or custody records. Those systems raise serious privacy and accuracy questions, but the source and legal basis are at least visible. Clearview’s database changed the source base. It pulled from the ordinary web — family photos, social profiles, public posts, professional headshots, news images, event photos — and made those images useful to police identification.

The tool’s mechanism is straightforward at a high level. A face is detected in an image. Software measures and encodes features into a mathematical representation often called an embedding, template or faceprint. A query image is encoded in the same way. The system compares that encoding against stored encodings and returns likely matches. The user then reviews candidate results and associated source links. This is not human recognition at web scale. It is automated similarity search across a huge biometric index.

The danger is not that the machine “knows” who someone is in a human sense. The danger is that a similarity score can acquire police authority. A ranked list of possible matches can become an investigative direction, a lineup candidate, a warrant lead or an internal case note. Once a name appears, the rest of the investigation may bend around it.

Clearview says its system is an after-the-crime investigative tool and not available to the general public. The company has said each photo in its dataset can be a clue that saves a life, helps a victim, prevents wrongful identification or exonerates an innocent person. Those use cases should not be dismissed. Facial recognition can help identify victims of exploitation, unknown deceased persons, fugitives and suspects in serious crimes. The hard question is whether those benefits justify building the database without consent from billions of people.

The database also changes the privacy position of bystanders. A person does not need to be suspected of a crime to be included. They only need to appear in an image that a crawler found. They may be a child in a family photo, a protest attendee in the background of a news image, a retail worker in a public post, or a victim whose photo circulated online. The system’s reach is not limited to people with criminal records. It treats the open web as a biometric enrollment pipeline.

The “perpetual police lineup” critique landed because it was concrete

Civil liberties groups often use abstract language when discussing surveillance, but the Clearview case produced a phrase that ordinary readers could understand: a “perpetual police lineup.” Business Insider’s 2023 article used that phrase in its headline and reported criticism that the database could place people who had done nothing wrong into a permanent searchable pool.

The phrase works because it captures two features of the technology. First, inclusion is not based on suspicion. It is based on being visible online. Second, search can happen later, for a purpose the person never imagined. A photo posted at a birthday party, a school event, a community gathering or a demonstration can be repurposed into a police-identification lead years after the photo was uploaded.

Lineups traditionally involve safeguards. Police gather a small set of people or photos, follow rules, document procedures, and allow defense counsel to challenge suggestiveness or reliability. Facial recognition databases operate differently. They begin with massive search. They may be used before a suspect is named. They may produce candidates invisible to the defense unless disclosed. They may be treated as “just a lead,” even when the lead drives the rest of the case.

This matters for due process. If a facial recognition result is never disclosed, a defendant may not know how they entered the investigation. If the query image was poor, edited, cropped or low-resolution, the defense may not know. If the search searched billions of scraped images rather than a controlled database, the defense may not know. If the officer treated a possible match as a real identification, the defense may only see the later steps — lineup, witness statement, warrant — without seeing the algorithmic origin.

The phrase “perpetual police lineup” also captures an emotional truth. People accept being seen in public. They do not necessarily accept being permanently enrolled into a biometric search system. The act of walking through public life is not the same as agreeing to be searchable by face.

Clearview’s claimed benefits deserve scrutiny, not caricature

A serious analysis has to acknowledge the strongest version of Clearview’s case. The company says its technology helps law enforcement identify suspects, witnesses and victims. Its website frames the platform as a tool for criminal investigations, public safety, public defenders, national security and defense. It also says the tool has high accuracy and is trained on a large, diverse dataset.

There are plausible public-interest uses. Investigators may have a photo of a person exploiting a child but no name. A victim may be unidentified. A violent suspect may appear in video footage. A public defender may seek to identify another person who committed a crime. An agency may need to identify a deceased person whose fingerprints are not available. In those contexts, face-search technology can produce leads that traditional methods miss.

The problem is not that every use is illegitimate. The problem is that Clearview’s model separates benefit from consent, and separates police utility from public governance. The tool may help solve some cases while still creating a database that many regulators consider unlawful. It may produce accurate matches in some situations while still increasing the risk of wrongful arrests when used carelessly. It may help identify a victim while also exposing millions of people to search without notice.

A mature policy debate must hold those truths together. A technology can be useful and dangerous. A police tool can solve crimes and erode civil liberties. A database can be accurate in a benchmark and unreliable in a real investigation with poor images, time pressure, automation bias and weak disclosure.

Clearview’s strongest public-safety argument also does not answer the narrower legal issue. If a company wants to process biometric identifiers, what notice, consent, deletion, audit, accuracy and accountability duties apply? If police want to use a private face-search tool, what approval, documentation, warrant, disclosure and independent-corroboration rules apply? Those are governance questions, not anti-police slogans.

Police use exposed a record-keeping problem

The U.S. Government Accountability Office has repeatedly found weak controls around law enforcement use of facial recognition. In 2021, GAO surveyed 42 federal agencies with law enforcement officers. Twenty reported owning facial recognition systems or using systems owned by others. Fifteen reported using non-federal systems, and all 14 agencies that used facial recognition for criminal investigations reported using systems owned by non-federal entities. GAO found that only one agency had awareness of which non-federal systems employees used.

That finding is central to the Clearview issue. If agencies do not know which external systems their officers use, they cannot assess accuracy, privacy risks, civil liberties risks, contract terms, audit logs, retention practices or disclosure obligations. A commercial tool can enter investigations through trial accounts, informal access, task-force sharing or interagency referrals before policy catches up.

GAO’s 2023 work on facial recognition services found more gaps. It reported that U.S. Customs and Border Protection did not know the extent to which staff used facial recognition services, did not require training before access to two services it used, and had not assessed whether training would benefit staff. CBP later allowed those two services to expire at the end of fiscal year 2023 and developed a training course for staff who plan to use facial recognition services.

For Clearview, the practical concern is simple: a tool can be marketed as “only a lead,” but the lead can still shape a case. If officers are not trained, if agencies do not track searches, and if courts do not receive clear disclosure, then the difference between lead and evidence becomes blurred. Governance fails when the system is treated as low-stakes at the moment of use and high-value at the moment of arrest.

The record-keeping issue also makes public debate harder. People cannot evaluate a technology if agencies cannot say how often it is used, for what crimes, under which policies, with what error rates, and with what outcomes. Transparency is not a public-relations preference. It is the foundation for democratic control of police technology.

Accuracy claims do not settle the risk

Facial recognition vendors often cite accuracy. Clearview’s website says its tool has “99+% accuracy for all demographics” and says it is tested by NIST. Accuracy numbers deserve careful reading. They can vary by task, dataset, threshold, image quality, demographic group, database size and operational workflow. A high score under one test condition does not guarantee safe use in a police investigation.

NIST’s work shows why. Its demographic-effects research examines false positive and false negative patterns across age, sex and race. NIST’s demographic-effects page, updated in March 2025, explains that false negative effects can be strongly dependent on image quality and that poor face photography can induce a demographic effect; it also tracks false positive demographic effects where incorrect associations differ by age, sex or race. NIST’s 2019 report remains a major reference point for understanding demographic performance differences across face-recognition algorithms.

A police search can involve exactly the image conditions that make accuracy harder: low light, motion blur, off-angle faces, compression artifacts, masks, hats, partial faces, surveillance cameras mounted above eye level, screenshots of screenshots, and cropped images. Even if an algorithm performs well on high-quality images, real investigative input can be messy. The match may be a lead, but a human investigator may overvalue it.

The other accuracy issue is base rate. Searching a database of billions of images creates a different statistical environment than verifying whether one passport photo matches one passport holder. A tiny false positive rate can still generate false candidates when the gallery is huge. The larger the search pool, the more carefully agencies must manage thresholds, candidate review and independent corroboration.

Accuracy is not a single property of the software. It is a property of the full system: image quality, database composition, model performance, officer training, policy constraints, documentation, human review and downstream evidence. Clearview’s controversy grew because critics feared police agencies were buying the most powerful version of face search without building the institutional controls needed to use it safely.

Wrongful arrests changed the public meaning of facial recognition

The Clearview debate is not only about data collection. It is also about what can happen after a facial recognition match enters a criminal case. Civil liberties groups have documented wrongful arrests linked to face-recognition technology. The ACLU says Robert Williams was wrongfully arrested by Detroit police in January 2020 after a false facial recognition match and held for about 30 hours; it describes his case as the first publicly reported wrongful arrest caused by a false face-recognition match.

Detroit later became a focal point for reform. The ACLU of Michigan said in 2024 that all three known wrongful arrests in which Detroit police relied on facial recognition involved Black people. A settlement in Williams’ case produced new restrictions on the Detroit Police Department’s use of facial recognition, including stronger limits on arrests based solely on the technology.

These cases do not prove that every system is inaccurate or that every police use is improper. They prove a narrower but decisive point: when face-recognition output is treated as more reliable than it is, innocent people can be arrested. That risk is not theoretical. It has names, families, jail cells, legal bills and public humiliation attached to it.

Clearview’s own tool may not be involved in every wrongful arrest story. The larger policing ecosystem matters because Clearview is part of that ecosystem. It expands the pool of searchable faces and normalizes using algorithmic identity search as an investigative shortcut. When search results are hidden behind “investigative lead” language, the error path can become harder to challenge.

Wrongful arrests also expose a chain problem. A bad match may lead to a photo lineup. A witness may pick the person from the lineup. A warrant affidavit may emphasize witness identification without clearly explaining the algorithmic source. The judge may see probable cause. The defendant may spend time in custody. By then, the facial recognition result has done its work even if it never appears as trial evidence.

Clearview’s strongest legal shield is also its weakest social argument

Clearview has argued that it collects publicly available images and operates lawfully. Its defenders often place the company within a U.S. tradition of public-information access, investigative journalism, search engines and open-web indexing. There is a real legal debate around scraping, platform terms and public data. Some scraping disputes turn on contract law, computer misuse statutes, intellectual property, anti-hacking law or unfair competition.

Facial recognition changes the balance because the scraped material is not treated merely as content. The face is transformed into biometric data. That transformation is exactly what regulators in Australia, Canada and Europe focused on. The Canadian joint investigation examined Clearview’s collection, use and disclosure of personal information through its facial recognition tool under federal and provincial private-sector privacy laws. The Australian regulator treated the conduct as collection of sensitive biometric information without consent. European regulators treated it as unlawful processing of personal and biometric data under the GDPR.

The public-data defense also has a social problem. People post photos for human communication, not for involuntary biometric enrollment. They may expect that a public profile photo can be viewed. They may not expect that the image will be stored by a private surveillance company, linked to other photos, converted into a faceprint and made searchable by police. The fact that a human could see a photo does not mean a company should be able to automate identity extraction from billions of photos.

This distinction has become central to AI policy far beyond Clearview. Generative AI companies have made related arguments about training on public web data. Publishers, artists, platforms, privacy advocates and regulators have challenged those arguments. Clearview is the sharper case because the data at issue is not only text or style. It is the human face.

The public web was not designed as a biometric commons. That sentence captures the deeper lesson. If policymakers accept that any visible face can be enrolled into face-search systems, then privacy becomes a privilege of people who never appear online. That is not a realistic standard for modern life.

Europe turned Clearview into a cross-border enforcement test

Europe’s response to Clearview has been forceful on paper and difficult in practice. French, Italian, Greek and Dutch regulators have all found Clearview’s practices unlawful under data protection law or issued major penalties and orders. The French data protection authority, through an EDPB-published summary, fined Clearview €20 million, ordered it to stop collecting and processing data of people in France without a legal basis, and ordered deletion within two months, backed by a daily penalty for delay.

Italy’s authority imposed a €20 million fine, banned further collection and processing of images and metadata concerning people in Italy, ordered erasure of data including biometric data, and ordered Clearview to designate an EU representative. The EDPB summary said Italy found unlawful processing of personal data, including biometric and geolocation information, and found failures of transparency, purpose limitation and storage limitation.

The Dutch Data Protection Authority imposed a €30.5 million fine in 2024 and an additional order carrying penalties up to €5 million for non-compliance. Reuters reported that the Dutch authority called Clearview’s database illegal and warned that using Clearview’s services was also illegal under Dutch rules. Clearview’s chief legal officer told Reuters the company had no place of business or customers in the Netherlands or EU and argued the decision was unlawful and unenforceable.

This is where the case stops being only about privacy and becomes about jurisdiction. European regulators can issue findings and fines. A U.S.-based company without an EU establishment can resist, ignore, appeal or argue that the regulators lack reach. Administrative orders can have moral, legal and reputational force, yet enforcement becomes harder when the company’s assets, executives and customers sit outside the issuing country.

Noyb’s 2025 criminal complaint in Austria directly targets that weakness. The privacy group said Clearview had ignored EU fines and bans, and it asked Austrian authorities to examine criminal liability for GDPR-related violations. Reuters reported that the complaint could expose Clearview and executives to personal liability, including potential jail time, if prosecutors accept the theory.

The UK case matters because jurisdiction became the issue

The United Kingdom’s Clearview proceedings became one of the most closely watched jurisdiction fights. The Information Commissioner’s Office fined Clearview £7.5 million in 2022 and issued an enforcement notice over scraping images of UK residents from the web and social media, according to the ICO’s later summary. Clearview challenged jurisdiction, arguing its service was sold only to foreign law enforcement and fell outside UK GDPR.

The UK Upper Tribunal issued its decision in October 2025. The GOV.UK case page says the appeal concerned the reach of data protection regulation under EU and UK law and whether the Information Commissioner had jurisdiction to issue enforcement and penalty notices to Clearview. The ICO said the Upper Tribunal upheld three of the Commissioner’s four grounds of appeal and addressed whether Clearview’s processing fell within the scope of UK data protection law. The ICO page also notes that, as of a 19 December 2025 update, the Upper Tribunal granted Clearview permission to appeal to the Court of Appeal.

That procedural detail matters. The legal story is not finished. Clearview has fought jurisdictional reach, and the UK litigation shows how long cross-border privacy enforcement can take. A regulator may find that a company processed residents’ data unlawfully. A tribunal may agree on key points. Appeals can continue. During that time, the underlying technology may keep developing and the database may keep growing.

The UK case also clarifies a broader point for AI companies. Selling services outside a country may not shield a company if the service processes people in that country, monitors behavior, or uses residents’ personal data as part of the product. That matters for AI systems trained or operated on global datasets. Jurisdiction may attach not only where the vendor sits or where customers sit, but where affected people are located.

For Clearview, the UK fight is a warning and a survival strategy. If regulators can reach a company with no local customers because the company processes residents’ biometric data, then foreign AI vendors face greater legal exposure. If Clearview can narrow that reach, other data-scraping businesses will notice.

The EU AI Act now targets the Clearview-style model

The European Union’s AI Act puts the Clearview model into statutory language. The official regulation prohibits placing on the market, putting into service for that specific purpose, or using AI systems that create or expand facial recognition databases through untargeted scraping of facial images from the internet or CCTV footage. The regulation’s recital says such practices add to the feeling of mass surveillance and can lead to gross violations of fundamental rights, including privacy.

The European Parliament summarized the law in March 2024 by saying the new rules ban AI applications that threaten citizens’ rights, including biometric categorization based on sensitive characteristics and untargeted scraping of facial images from the internet or CCTV footage to create facial recognition databases.

This provision is one of the clearest signs that lawmakers learned from Clearview. The law does not merely regulate outputs. It targets the database-building method itself. It says the act of creating or expanding face-recognition databases through untargeted scraping is prohibited. That moves the legal focus upstream from misuse after deployment to the collection architecture that makes mass search possible.

The AI Act’s penalty structure gives the prohibition teeth. For non-compliance with prohibited AI practices under Article 5, the regulation allows administrative fines of up to €35 million or, for an undertaking, up to 7 percent of total worldwide annual turnover for the preceding financial year, whichever is higher. Enforcement will still depend on national authorities and cross-border cooperation, but the rule is no longer implied from general privacy principles. It is explicit.

The AI Act does not solve every issue. It will face interpretation fights over scope, timing, exceptions and extraterritorial reach. It will not automatically force a U.S. company to delete data held outside Europe. It does, however, mark a policy line: the EU now treats Clearview-style untargeted facial scraping as a prohibited AI practice, not merely a risky business model.

The United States remains fragmented

The United States has no comprehensive federal biometric privacy law comparable to the GDPR or the EU AI Act. That absence gave Clearview space. Federal agencies could use or test facial recognition tools while rules developed agency by agency. Private lawsuits and state laws filled some gaps, but the result is uneven.

Illinois became the most important state because BIPA gives individuals a private right of action and sets clear consent, retention, disclosure and profit restrictions for biometric identifiers and biometric information. The law defines biometric identifiers to include retina or iris scans, fingerprints, voiceprints, and scans of hand or face geometry. It requires written notice, purpose and duration disclosure, written release, retention schedules, protective storage and allows statutory damages for violations.

The ACLU used BIPA against Clearview. The 2022 settlement permanently banned Clearview nationwide from making its faceprint database available to most businesses and private actors. It also barred Clearview from selling access to its database to any entity in Illinois, including state and local police, for five years. That settlement showed how one state law could reshape a national business model.

Yet the settlement also revealed the limits of state-by-state enforcement. Clearview remained able to sell to law enforcement outside Illinois under the settlement’s structure. People outside Illinois did not receive the same opt-out rights. Many states lack BIPA-style private enforcement. Federal law has not created a uniform consent rule for biometric scraping or a national framework for police use of private face-search databases.

This fragmentation creates a predictable result. The strongest privacy rules shape company behavior, but only partially. Companies can withdraw from certain markets, restrict certain customers, litigate jurisdiction, and continue elsewhere. Police agencies may face strict policies in one city and weak rules in another. A person’s protection depends on geography, not on the sensitivity of the biometric data itself.

The ACLU settlement narrowed private sales but not the core police question

The 2022 ACLU settlement was a major win for biometric privacy advocates. It stopped Clearview from making its faceprint database available to most private companies and individuals across the United States. That mattered because early reporting and the ACLU’s claims described access offered not only to police but also to private actors. A face-search database available to retailers, employers, landlords, wealthy individuals or private investigators would create an even broader surveillance market.

The settlement did not end the police question. The ACLU case page says Clearview was barred from selling access to any entity in Illinois, including state and local police, for five years. Outside Illinois, law enforcement access remained the company’s central business path. Clearview’s own website still frames the product around law enforcement, public defenders, national security and public safety.

That split reflects American law’s deepest unresolved issue. Private biometric exploitation is easier to restrict under consumer privacy law than government use is under constitutional and criminal procedure doctrines. Police use raises Fourth Amendment questions, due process questions, procurement questions, public-records questions, evidence disclosure questions and civil rights questions. No single law answers all of them.

The settlement also did not require a simple cash payout to every person whose face was allegedly scraped. Later federal class-action litigation produced a stranger outcome. A U.S. judge approved a nationwide settlement in 2025 that Reuters described as resolving privacy claims without any immediate specific monetary payout. Class members would potentially hold a 23 percent stake in the company, with a possible settlement fund tied to future company value, sale, merger or revenue.

That result is almost surreal: people who alleged their faces were taken without consent may receive compensation only if the company built on that database becomes valuable enough. It reflects the difficulty of extracting damages from a controversial startup whose main asset is the same database at the center of the lawsuit.

Clearview turned privacy enforcement into a business-risk model

Clearview’s legal record raises a hard business question for AI companies: when does repeated regulatory sanction become simply a cost of doing business? Europe has issued fines and orders. Australia and Canada found violations. U.S. litigation produced settlements. Platforms issued cease-and-desist letters. Yet the database grew.

The Dutch fine illustrates the problem. Reuters reported that the Dutch authority imposed a €30.5 million fine and additional penalties for non-compliance, while Clearview argued the decision was unlawful, lacked due process and was unenforceable because the company had no business or customers in the Netherlands or EU. Noyb’s Austrian complaint argues that administrative enforcement has struggled because Clearview lacks an EU establishment and has not paid imposed fines.

If a company can build a global dataset first and fight jurisdiction later, regulators are pushed into a reactive posture. They can declare conduct unlawful, but the data may already be copied, transformed, replicated and incorporated into systems. Deletion orders then require proof of data location, subject residency, biometric template mapping and technical compliance. Clearview has argued in some contexts that it cannot easily know which images belong to residents of a given jurisdiction without processing more data.

This is the enforcement paradox of web-scale AI. The harm is created by copying and processing at speed. The remedy demands slow legal procedure. The company can operate while regulators investigate. Appeals can run for years. Public attention moves on. The database becomes part of the firm’s value.

For other AI companies, Clearview offers a warning and a temptation. The warning is that scraping biometric data can trigger global sanctions, civil litigation, platform conflict and reputational damage. The temptation is that early scale can create leverage. Once a dataset becomes commercially useful, enforcement may lag behind growth.

Major legal and regulatory actions

Clearview AI enforcement map

The pattern is consistent across jurisdictions: privacy authorities objected not merely to facial recognition in the abstract, but to web-scale biometric collection without consent, weak transparency and the sale or disclosure of face-search access to powerful users. The enforcement record also shows the weakness of relying on fines alone when a company operates across borders.

The Australian and Canadian findings gave the clearest privacy language

The Australian and Canadian decisions are useful because they avoid some of the procedural complexity of later European litigation and state the privacy harm plainly. Australia found that Clearview interfered with privacy by collecting sensitive information without consent, collecting by unfair means, failing to notify individuals, failing to ensure accuracy in disclosure, and failing to implement adequate practices, procedures and systems.

The OAIC’s 2024 statement confirmed that the original determination still stood after Clearview withdrew from proceedings in Australia’s Administrative Appeals Tribunal. The regulator said Clearview must not collect images from individuals in Australia and must delete all images it had previously collected from individuals in Australia. That statement also showed the practical dilemma: questions remained about compliance, but the regulator had to decide how much additional resource to spend scrutinizing a foreign company already investigated in multiple jurisdictions.

Canada’s language was even more forceful. The Office of the Privacy Commissioner of Canada said Clearview’s scraping of billions of images represented mass surveillance and a clear violation of Canadians’ privacy rights. The joint investigation examined collection, use and disclosure under federal and provincial private-sector privacy laws.

These findings matter because they reject the idea that only secret or private data can raise privacy concerns. A public image can still be personal information. A face can still be sensitive. A database can still create surveillance even if each source image was individually reachable. The privacy violation comes from aggregation, transformation and purpose shift.

Aggregation is the hidden engine. One public photo is a moment. Billions of public photos arranged by face become infrastructure. Transformation turns pixels into biometric identifiers. Purpose shift takes images shared for personal or informational reasons and uses them for state-linked identification. Those three steps explain why regulators treated Clearview differently from ordinary web indexing.

Platform terms became a weak first line of defense

Facebook and other platforms reacted with cease-and-desist letters, but platform terms were never enough to control the issue. Axios reported in 2020 that Facebook, YouTube, Twitter, Venmo and LinkedIn sent Clearview cease-and-desist letters after reporting that the startup scraped billions of faces from their sites. Business Insider reported Facebook’s demand that Clearview stop accessing or using information from Facebook or Instagram.

Terms of service can prohibit scraping, automated access and unauthorized data collection. Platforms can block accounts, detect bots, litigate, throttle access and send legal demands. But once images are copied, the platform’s practical control declines. A platform can remove a post, disable an account or improve anti-scraping systems. It cannot easily retrieve every copy already made or every biometric template derived from those copies.

This is the structural weakness of platform-based privacy. Users rely on platforms to enforce rules against third parties. Platforms rely on technical defenses and contract terms. Scrapers rely on speed, distributed infrastructure and ambiguity over public access. Law arrives later.

Clearview also exposed a conflict of interest. Platforms criticized scraping because it violated user privacy and their policies. They also had their own interest in controlling data access and protecting platform value. Privacy advocates could agree with the platforms’ objections while still distrusting platform power. The Clearview case did not make Meta, Google or LinkedIn guardians of privacy. It showed that even the largest platforms struggled to prevent downstream biometric extraction from public-facing content.

The broader AI lesson is direct. Website terms, robots.txt files, account bans and cease-and-desist letters are weak defenses against actors that want training data, biometric data or identity data badly enough. Stronger protections require law, enforcement, procurement rules, audit duties and technical measures that reduce collection at the source.

The law enforcement market made the database more controversial

Clearview’s business would have been controversial even as a private search tool. Selling or providing access to police made it more sensitive. Law enforcement use brings coercive power. A match can lead to surveillance, questioning, detention, arrest, prosecution or immigration consequences. A private user may misidentify someone. A police user may trigger the state.

Clearview’s website now speaks directly to law enforcement, national security, defense and public defenders. It says the platform helps rapidly generate leads to identify suspects, witnesses and victims. Reuters reported in 2025 that Clearview markets its tools mainly to law enforcement and says it has collected more than 60 billion images globally.

Police use changes the standard of proof society should demand. A consumer app can be wrong and annoying. A law enforcement tool can be wrong and life-altering. That does not mean police can never use AI. It means police AI must meet a higher governance threshold than ordinary commercial software. Agencies need written policies, approval rules, search logs, retention limits, disclosure obligations, independent corroboration rules, demographic performance assessments, public reporting and procurement transparency.

The “after-the-crime” framing also deserves care. Clearview has said its system is used for after-the-crime investigations and not real-time public surveillance. Post-event use is less intrusive than live scanning of crowds in some respects. It still allows retrospective identification of people from protests, clinics, religious gatherings, workplaces, nightlife, schools, shelters or political events if images exist. Retrospective search can chill behavior because people know any recorded image may become searchable later.

The difference between live surveillance and retrospective search is real, but it is not the difference between surveillance and no surveillance. A searchable archive of faces can be powerful even when used after an event.

Public defenders do not erase civil liberties concerns

Clearview highlights public defenders as one of its user categories. Its website says JusticeClearview enables public defenders to protect the innocent with facial recognition technology. This is a clever and not meaningless point. Defense access can reduce one-sided police advantage. If prosecutors and police can use face-search tools, defense teams may argue they need comparable access to investigate alternative suspects, verify leads, challenge identity claims or exonerate clients.

Yet defense access does not cure the consent problem. A person whose face was scraped did not consent because a defense lawyer might someday use the database. Nor does defense access solve database legitimacy, accuracy or privacy concerns. It may improve fairness inside criminal procedure while leaving the underlying biometric collection objection intact.

There is a policy tension here. Banning all defense access while allowing police access would deepen inequality. Allowing both may normalize the database. Restricting both may protect privacy but remove possible exculpatory uses. The cleanest answer is not simply “public defenders yes” or “public defenders no.” It is to decide whether such a database should exist at all, and if it does, under what consent, deletion, access, audit and court-supervision rules.

Public defenders also need disclosure. If police used Clearview or another face-search tool to identify a defendant, the defense should know. If the state treats the result as a lead, that does not automatically remove the defendant’s right to understand the investigative path. A facial recognition lead can be the first domino. Hiding the first domino distorts the case.

A fair criminal system cannot let AI tools operate as invisible accusers. Whether a search helps the prosecution or defense, courts need a record: what image was used, which system was searched, what candidates appeared, how confidence scores were displayed, who reviewed the result, what corroboration followed, and whether any alternative candidates were ignored.

Biometric data is different from ordinary personal data

A faceprint is not like an email address. Email addresses can be changed, abandoned or compartmentalized. Face geometry follows a person across contexts. It connects childhood photos, adult photos, work images, school images, travel images, news images and surveillance footage. That continuity is what makes facial recognition useful and what makes it dangerous.

Biometric systems collapse context. A person may use different names on different platforms. They may keep work, family, politics, religion and health separate. A face-search database can connect those contexts through visual identity. That creates a map of public life that no single platform holds. The privacy harm is not only identification. It is the destruction of practical obscurity.

Practical obscurity means information can be public yet hard to assemble. Before web-scale search, a person might appear in a local newspaper archive, a school photo, a community post and a company page. Each item was findable with effort. Facial recognition makes the face itself the query, removing the need to know a name, location or source. The person becomes searchable from an image alone.

This is why regulators treated Clearview’s activities as more than copying pictures. The images became a biometric infrastructure. Italy’s regulator, as summarized by the EDPB, found unlawful processing of biometric and geolocation information and failures of transparency, purpose limitation and storage limitation. France’s regulator ordered Clearview to stop collection and processing without a legal basis and to delete data already collected.

Biometric data intensifies every ordinary privacy risk because it is persistent, identifying and hard to separate from the body. A breach of a password database is bad. A face database used for identification by police and state actors raises a different level of social risk.

The AI industry should read Clearview as a warning about data provenance

Clearview is facial recognition, not a general chatbot company. Yet the case speaks directly to the AI industry’s biggest unresolved issue: data provenance. Where did the data come from? Was it collected with consent? Was it collected under platform terms? Did it include sensitive data? Was it transformed into something more invasive? Can individuals opt out or obtain deletion? Can regulators verify compliance?

Many AI companies have relied on the scale-first logic: collect massive datasets, build models, respond to objections later. Clearview shows the sharpest version because the dataset contains faces and the buyers include police. But the underlying pattern appears across AI: public web collection, unclear consent, downstream commercial use, jurisdictional conflict, and weak individual control.

Data provenance is not paperwork. It determines whether an AI product can survive legal scrutiny. If a company cannot explain what it collected, from where, under what authority, for what purpose, with what retention rules and with what deletion process, it is building risk into the product. The larger the dataset, the harder retroactive cleanup becomes.

Clearview’s history also shows why “we only use public data” is no longer a complete answer. Public data can include children, victims, protesters, workers, patients, worshippers, migrants, journalists, activists and bystanders. It can include data posted under one norm and processed under another. It can contain biometric, health, location or political signals. The fact that a crawler can reach data does not make every downstream AI use legitimate.

The AI firms most likely to survive regulation will be those that treat data provenance as infrastructure rather than legal decoration. That means collection logs, source records, rights management, opt-out and deletion workflows, sensitive-data filters, audit-ready documentation and clear customer restrictions. In a post-Clearview world, “we scraped it” is not a provenance strategy.

The business model depends on asymmetry

Clearview’s model depends on a large asymmetry between the people who supply the data and the institutions that use the tool. The people in the database did not negotiate terms, receive payment, approve the use, or choose the customers. The users — police agencies, government entities and related actors — receive identity-search power. Clearview receives a commercial asset. The data subjects receive risk.

This asymmetry is common in surveillance markets. People generate data as a byproduct of life. Companies capture it. Governments buy access. The public sees the full architecture only after journalists, litigants or regulators uncover it. By then, the market has already formed.

The asymmetry also appears in remedies. Illinois residents received a route to block facial data under the ACLU settlement. Many others did not. European residents received regulatory decisions and deletion orders, but enforcement against a foreign company remains difficult. Australians received a determination that still stands, but the regulator later declined to spend further resources pursuing the company.

Clearview benefits from another asymmetry: identification flows one way. Police can identify people from images. The people being identified may not know they were searched. They may not know which agency searched them, whether they were a candidate, whether the result was wrong, or whether it influenced a decision. A search can affect someone without ever becoming visible.

A democratic society should be wary of identification systems that are powerful for institutions and invisible to individuals. Clearview’s database is not merely a technical tool. It redistributes power over identity.

Procurement became a civil liberties battleground

Police technology often enters public life through procurement rather than legislation. A vendor offers a trial. A department tests it. A contract follows. Use spreads across task forces or partner agencies. Public debate arrives later through records requests, lawsuits or leaks. Clearview’s history follows this pattern.

GAO’s findings about non-federal facial recognition tools show how procurement and tracking failures can undermine oversight. Agencies used systems owned by non-federal entities without consistently tracking which systems employees used or assessing risks. That is not a minor administrative flaw. It means democratic oversight can fail before a technology is even formally debated.

Procurement rules should ask questions that ordinary purchasing processes may miss. Does the vendor’s database include scraped biometric data? What legal basis supports collection? What jurisdictions have banned or fined the vendor? Does the vendor allow independent audits? Are searches logged? Can agencies export audit records? Are results retained? Can the vendor use agency-uploaded images to improve its database? What accuracy data exists for realistic investigative images and demographic groups? What disclosure language is required in court?

A facial recognition contract should not be treated like buying office software. It touches constitutional rights, privacy rights, equal protection concerns and criminal procedure. Agencies should not be allowed to avoid public debate by calling the tool a pilot, a lead generator or a subscription service.

Cities and states can act even without federal law. They can require council approval, public impact assessments, annual reporting, warrant rules, crime-category limits, audit logs, defense disclosure, and independent testing. They can ban certain uses outright. The Clearview case gives local governments enough evidence to stop treating face-search procurement as routine.

The international split is widening

Europe is moving toward explicit bans on untargeted facial scraping. Australia and Canada have treated Clearview’s practices as serious privacy violations. The United States has relied heavily on state law, litigation and agency policy. That divergence creates a global compliance puzzle.

Clearview’s own position reflects the split. It can argue in Europe that it lacks local establishments or customers, while continuing to serve law enforcement elsewhere. It can settle under Illinois law without accepting that every jurisdiction has the same rule. It can point to public safety use cases in the United States while facing deletion orders abroad.

For multinational AI companies, this split matters. A dataset collected globally may be legal in one jurisdiction, restricted in another and prohibited in a third. A company may not be able to maintain one global data pipeline without violating local rules. The easiest technical path — one large pooled database — may become the hardest legal path.

Data localization does not solve everything. If a U.S. company stores European faces in the United States and sells access outside Europe, European regulators may still claim jurisdiction based on processing of residents’ data. The UK proceedings show that territorial reach will be heavily litigated.

The split also affects police cooperation. Law enforcement agencies share leads across borders. If one country bans a tool and another uses it, evidence and intelligence can cross into prohibited territory. Courts and regulators will need rules for derivative use: what happens when an investigation in one jurisdiction relies on a face-search result generated in another?

Clearview is a preview of the next decade of AI enforcement. Data flows globally. Rights remain territorial. Vendors exploit gaps. Regulators try to stretch jurisdiction. Courts decide whether old legal categories can handle web-scale biometric systems.

The company’s growth raises unresolved deletion questions

Deletion sounds simple until it meets a biometric database at web scale. If a regulator orders Clearview to delete images of residents in a country, how does the company identify which images belong to those residents? Nationality and residency are often not visible from a face. Source URLs may not reveal location. A person may appear on foreign websites. Metadata may be missing or wrong. People move.

This creates a perverse problem. To determine whether a photo belongs to a resident of a jurisdiction, a company may need to process more data about the person. It may ask for a new photo from someone seeking removal so it can search the database for matches. Illinois residents gained an opt-out path through the ACLU settlement, but that process itself requires identity matching.

Deletion also has multiple layers. There is the original image. There is the face crop. There is the biometric template. There may be metadata, source links, search logs, derived embeddings, backups, model-training artifacts and customer-side exports. A meaningful deletion order must specify which layers are covered and require auditable proof.

Regulators often lack direct access to vendor systems. They may rely on company declarations, technical audits, penalties or litigation discovery. A foreign company can make verification hard. That weakens the remedy and creates incentives to delay.

The deletion question is one reason policymakers should focus on collection limits. Once a database exists, deletion becomes complex and contested. Preventing untargeted biometric scraping is cleaner than trying to unwind it later. The EU AI Act’s ban on creating or expanding facial recognition databases through untargeted scraping reflects that lesson.

The “open web” argument breaks down at web scale

The open web has always involved copying. Browsers copy pages to display them. Search engines crawl and index pages. Archives preserve pages. Researchers collect public data. Journalists use public posts. The internet would not function if every act of technical copying required individual negotiation.

Clearview’s activity is different because of scale, sensitivity and purpose. It did not merely make public information easier to find by topic. It made people findable by face. It did not merely process text. It extracted biometric identifiers. It did not merely serve general web users. It served police and state-linked users. It did not merely index a site’s page. It built a cross-platform identity database.

The open-web argument also ignores human context. A person may post a photo on Facebook with public visibility because they want friends, relatives, neighbors or event attendees to see it. They may not understand platform settings. They may be tagged by someone else. They may be a child. They may be in the background. They may later delete the post. A scraper can turn that moment into a durable record.

At small scale, society tolerates many uses of public information because practical limits protect people. A stranger could walk through a public park and see faces. That does not mean a company should create a permanent searchable biometric record of everyone in the park. Public observation and automated identification are not equivalent.

Scale changes the legal and moral character of data collection. Clearview’s defenders may argue that each source image was publicly reachable. Regulators responded that the combined system created mass surveillance. Both statements can be technically true, but only one addresses the social effect.

Facial recognition is becoming a proxy fight for AI governance

Clearview sits at the intersection of two regulatory waves: biometric surveillance and AI data scraping. Biometric surveillance raises questions about bodily identifiers, state power, anonymity and discrimination. AI data scraping raises questions about consent, copyright, contract, platform control, privacy and training-data rights. Clearview merges them into one case.

That is why the story keeps resurfacing. It is not only a scandal from 2020 or a Business Insider headline from 2023. It remains active because new legal developments keep testing the same underlying issue. In 2024, the Dutch fine renewed European pressure. In 2025, the U.S. class-action settlement received final approval, the UK Upper Tribunal addressed jurisdiction, and noyb filed an Austrian criminal complaint. Clearview’s own website now advertises a much larger database than early reports described.

For AI governance, Clearview answers one question and leaves another open. The answered question is whether lawmakers will tolerate untargeted facial scraping indefinitely. In Europe, the answer is now largely no. The open question is whether enforcement can stop companies that already built such databases and operate outside the jurisdiction.

The case also affects public trust in AI. People hear that their photos can be scraped, transformed into biometric identifiers and sold to police. That makes later claims about responsible AI harder to believe. Trust is not built by publishing principles after collection. It is built by limiting collection before harm.

Clearview’s controversy may make policymakers more willing to regulate other AI data practices. If public photos can become a police face-search database, public text can train chatbots, public art can train image systems, and public location traces can train behavior models. The same central question returns: what does public availability permit?

Technical and legal pressure points

The governance test for police face search

The table shows why facial recognition cannot be governed as a single software purchase. The risk sits in the chain: collection, database design, search conditions, officer interpretation, legal disclosure and cross-border enforcement. A strong rule at one point does not repair failure at the others.

Bias is not the only problem, but it is a serious one

Public debate often frames facial recognition around racial and gender bias. That concern is real. NIST’s demographic work documents demographic effects in false positives and false negatives, and its current demographic-effects page tracks differences by age, sex and race. Wrongful arrest cases involving Black people have made the issue concrete in the United States.

But bias is not the only problem. Even a perfectly equal system would still raise privacy concerns if it enrolled billions of people without consent. A perfectly accurate system could be more dangerous because it would make mass identification more reliable. A bias-free face-search database built from scraped images would still undermine anonymity, chill protest, expose vulnerable people and expand police power.

This distinction matters because vendors may answer civil liberties critiques with accuracy and fairness claims. Better performance is good, but it does not settle legitimacy. The question is not only “Does the system match faces correctly?” It is also “Was the database lawfully built?” “Should police have this search power?” “Can people opt out?” “Will searches be disclosed?” “Are some uses banned?” “Who audits the tool?” “What happens when the system is wrong?”

Bias debates can also obscure class and power. A wealthy person can reduce online exposure, hire lawyers, manage reputation and challenge misuse. A poor person may have no practical way to know they were searched or contest an error. A migrant, protester, sex worker, domestic violence survivor or political dissident may face risks that do not show up in an aggregate accuracy number.

The best governance approach treats bias as one layer. It requires demographic testing, but also consent rules, source restrictions, use limits, disclosure, independent corroboration and remedies. Clearview’s case shows that accuracy without legitimacy is not enough.

The database threatens anonymity in public

Anonymity in public is not absolute. People can be recognized by acquaintances, recorded by cameras, identified by police in lawful circumstances, or named by witnesses. But practical anonymity has always mattered. A person could attend a rally, walk into a clinic, visit a union meeting, worship at a religious service, or meet a journalist without expecting their face to be instantly searchable across the internet.

Face-search databases weaken that practical anonymity. They allow identification after the fact from images captured by phones, CCTV, body cameras, doorbells, drones or social media posts. Even if the tool is not used in real time, the knowledge that any image may later be searched can change behavior.

The EU AI Act recital on untargeted facial scraping refers to the “feeling of mass surveillance” and risks of gross fundamental-rights violations, including privacy. That phrase is politically important. Surveillance harms people not only when they are arrested. It harms them when they alter lawful behavior because they fear identification, tracking or future retaliation.

Clearview’s database also makes anonymity dependent on everyone else’s choices. You may avoid posting your own face. Someone else may upload a group photo. A news outlet may publish a crowd shot. A relative may tag you. A CCTV frame may leak. A face-search database only needs one usable image.

The right to move through public life without automatic identification is becoming a central civil liberties issue. Clearview made that issue visible because it showed how quickly public anonymity can be converted into searchable identity.

Courts are still catching up with algorithmic leads

Criminal procedure has tools for challenging eyewitness identification, forensic evidence, searches, warrants, expert testimony and discovery violations. Facial recognition strains those tools because it often appears early in an investigation and may be described as a lead rather than evidence. That label can keep it out of the courtroom even when it shaped the case.

A lead can still matter. If the lead names a suspect, police may build a lineup around that person. Witnesses may identify the person. Officers may seek a warrant. Prosecutors may charge. The facial recognition result may never be offered at trial, yet the case may not exist without it. Defense lawyers then need a way to challenge the origin.

Courts should require disclosure of face-recognition use when it materially contributed to identification. They should require preservation of query images, candidate lists, confidence scores or rankings, system information, search logs, officer notes and communications with the vendor or outside agency. They should allow defense experts to examine whether the process was suggestive, unreliable or inconsistent with policy.

The Robert Williams case shows the human cost when safeguards fail. The ACLU says Williams was wrongfully arrested after a false face-recognition match and detained for about 30 hours. Detroit’s later policy reforms show that litigation can force better rules, but reform after wrongful arrest is a slow remedy for the person harmed.

Judges also need to understand database source. A search against a mugshot database is not the same as a search against a web-scraped database of tens of billions of faces. The legal issues differ. The defense issues differ. The privacy issues differ. Treating all facial recognition as one category hides the most important differences.

Clearview’s database turns children into biometric subjects

One under-discussed issue is children. Social media and the public web contain countless images of minors: school events, sports teams, family posts, local news, missing-person appeals, charity pages, public ceremonies and scraped profile images. Children cannot meaningfully consent to long-term biometric enrollment, and parents often do not understand future face-search uses when posting images.

If a child’s face is scraped, the biometric record may persist into adulthood. The person may never know. A childhood image may later help identify an adult through facial similarity if the database and model support it. Even if age progression affects accuracy, the privacy issue remains: the child was enrolled without agency.

Clearview and its defenders often cite child exploitation investigations as a public-safety benefit. That use case has emotional force. Identifying victims of child abuse is urgent and legitimate. The question is whether protecting some children requires enrolling all children whose images appear online into a police-search database. That is a policy choice, not a technical inevitability.

A narrower model would use targeted, legally authorized datasets for specific child-protection investigations, with strict oversight and deletion. A broader model scrapes the open web and keeps expanding. Clearview represents the broader model. Critics argue that the benefit of some investigations does not justify the indiscriminate capture of children’s faces.

Regulators should treat minors’ biometric data as a heightened category. Any face-search system built from public images should be required to explain how it handles children, whether it detects and excludes minors, whether it permits searches involving minors, and what deletion rights exist as children reach adulthood. Without those answers, the system quietly turns childhood visibility into lifelong biometric exposure.

The press played a regulatory role

Clearview did not become a global policy issue because regulators discovered it first. Investigative journalism brought the company into public view. The New York Times reporting in January 2020 triggered platform responses, political scrutiny and litigation. Axios reported that major platforms sent cease-and-desist letters in the wake of that report. Later reporting by Business Insider, Reuters, The Guardian and others kept the enforcement and database-growth story visible.

This pattern matters for AI accountability. Regulators often lack visibility into private datasets and vendor trials. Police agencies may not disclose tools proactively. Companies may describe products in sanitized language. Journalists, civil society researchers, public-records requests, whistleblowers and lawsuits often provide the first real map.

The dependence on journalism is both valuable and fragile. Newsrooms have limited resources. Many AI systems will not receive Clearview-level attention. Local police contracts may be missed. Smaller vendors may operate with less scrutiny. A mature governance system cannot rely on investigative reporting as the first line of defense.

Still, journalism shaped this case. It gave the public specific facts: the scraped photos, the police users, the platform letters, the database scale, the company’s defenses and the regulatory backlash. Those facts changed the lawmaking environment. The EU AI Act’s explicit ban on untargeted facial scraping did not appear in a vacuum. Clearview made the practice legible.

Transparency should not depend on scandal. Police agencies and AI vendors should be required to disclose face-search systems before deployment, not after journalists uncover them.

The role of Meta is complicated

Meta, Facebook’s parent company, objected to Clearview’s scraping and said it had taken measures against unauthorized scraping. That does not make Meta a simple privacy hero. Facebook itself has faced major privacy controversies, including biometric privacy litigation over face-tagging features. The platform’s business model is built around data collection and targeted advertising. Its interest in preventing scraping overlaps with user privacy, but also with protecting its own data environment.

The Clearview case still shows that platform users depend on platform defenses. If Meta fails to prevent scraping, users bear the downstream risk. If Meta’s public-sharing settings are confusing, users may expose more than they intend. If Meta detects scraping only after large-scale collection, remedies become weak. Platform governance and biometric governance are connected.

There is also a public-policy dilemma. Giving platforms stronger power to block scraping may protect privacy in cases like Clearview. It may also strengthen dominant platforms against researchers, archivists, competitors and journalists. Not all scraping is abusive. Researchers scrape to study discrimination, misinformation, housing ads, labor markets, public health or platform manipulation. Journalists scrape to investigate power. Blanket anti-scraping law can protect privacy and hide misconduct at the same time.

The better distinction is purpose, sensitivity and downstream harm. Scraping public data for accountable research is different from scraping faces to build a police identification database. Law should not treat those activities as equivalent. Clearview’s conduct sits at the high-risk end because it combines biometric extraction, massive scale, lack of consent and law enforcement access.

Meta’s role is therefore double-edged. It was a victim of scraping in one sense and a gatekeeper in another. Users need platforms to reduce unauthorized extraction, but society should not outsource the definition of public-interest data use to platforms alone.

Clearview exposed the weakness of notice-based privacy

Modern privacy law often relies on notice: tell people what data is collected, why, for how long and with whom it is shared. Clearview’s model makes notice nearly impossible after the fact. The company did not have direct relationships with most people in the database. It did not collect their photos from them. It collected from third-party websites. It could not realistically notify billions of people individually before processing.

That impossibility is not a defense. It is evidence that the model conflicts with notice-and-consent privacy. If a business model cannot function while giving people meaningful notice and choice, lawmakers must decide whether the model is allowed, restricted or banned.

Illinois BIPA is unusually strong because it does not accept vague notice after collection. It requires informed written consent before a private entity collects, captures, purchases, receives through trade or otherwise obtains biometric identifiers or biometric information. That structure made Clearview vulnerable in Illinois because the company’s collection method did not involve prior written releases from the people whose faceprints were allegedly captured.

GDPR-style law approaches the issue through lawful basis, transparency, rights of access and erasure, special-category data restrictions and proportionality. French and Italian regulators found that Clearview lacked a proper legal basis and failed transparency and individual-rights duties. Australia focused on sensitive information, unfair collection and notice failures. Different legal systems reached similar conclusions because the underlying business model bypassed the person.

Notice-based privacy breaks when companies collect from the world rather than from customers. That is one reason AI regulation is moving toward outright bans for certain collection practices. Some data uses cannot be repaired with longer privacy policies.

The next fight will be about derivative systems

A major unresolved question is what happens to systems built from unlawfully collected biometric data. If a database is illegal in one jurisdiction, must the company delete only source images? Must it delete face embeddings? Must it delete models trained on those embeddings? Must it delete search indexes? Must it delete customer logs? Must customers delete results? Can the company rebuild from “clean” data? How clean is clean enough?

These questions matter for AI broadly. When data is scraped and transformed into model weights, embeddings or indexes, deletion becomes harder to define. Clearview’s system is more database-like than many generative AI systems, because search requires retained face representations and source links. But the same derivative-data problem appears across machine learning.

Regulators need technical specificity. A deletion order that says “delete data” may be too vague. A meaningful order should cover original images, crops, biometric templates, vectors, metadata, source URLs, backups, search indexes and any internal datasets used to improve recognition. It should also require deletion from training, validation and testing sets where applicable. It should specify audit methods and customer notification duties.

Customers matter because police agencies may retain search results. A Clearview search could produce a report, screenshot, candidate image, URL, name or investigative note. If the underlying database entry is later deleted, the customer-side derivative may remain. Privacy law often focuses on the controller or vendor. Police records law, evidence preservation and public-records rules complicate deletion downstream.

The derivative-system issue is where AI enforcement often becomes real or symbolic. If regulators cannot reach derived assets, companies may keep much of the value created by unlawful collection. If regulators can require deletion of derived assets, enforcement becomes far more powerful but technically and legally contested.

Clearview’s case will shape police AI beyond faces

Police AI is moving beyond facial recognition. Agencies are experimenting with predictive analytics, license-plate-reader networks, social media monitoring, gunshot detection, video analytics, body-camera analysis, object recognition, language translation, report-writing tools and AI-generated investigative leads. Clearview’s case offers a governance template for all of them.

The template begins with source data. Where did it come from? Was it collected legally? Does it contain sensitive personal data? Was consent required? The second step is purpose. Was the data collected for one reason and reused for another? The third is operational use. Who can query the system, under what standard, for what crimes, and with what logging? The fourth is error. What happens when the system is wrong? The fifth is disclosure. Does the affected person ever learn the system was used?

Facial recognition is especially sensitive, but the same chain applies to other tools. A predictive system trained on biased police data can target neighborhoods. A social-media monitoring tool can chill speech. A report-writing system can launder algorithmic assumptions into official records. A license-plate network can reconstruct movement. AI does not need to identify faces to change policing.

Clearview also teaches that public agencies should not rely on vendor ethics statements. They need enforceable contracts, public policies and external oversight. Vendor claims about accuracy, purpose and safeguards should be tested. Agencies should publish impact assessments before deployment and usage reports after deployment. Courts should require disclosure when AI systems contribute to identification, suspicion, risk scoring or evidence.

The police AI question is not whether technology may ever assist investigations. It is whether democratic institutions can keep coercive technology inside legal boundaries. Clearview shows what happens when a tool becomes operational before those boundaries are drawn.

The market signal to AI founders is changing

For a period, the market rewarded AI companies for assembling the largest possible datasets. Bigger data suggested better models, stronger network effects and defensible products. Clearview followed that logic with faces. The larger the database, the more likely a query could return a useful match. The company’s current public claim of 70+ billion images shows that scale remains central to its pitch.

Regulation is changing the market signal. A dataset can now be an asset and a liability at the same time. Investors, customers and acquirers have to ask whether a dataset was lawfully built. A company with a huge dataset may face deletion orders, fines, class actions, procurement bans, customer restrictions and reputational risk. The asset may be hard to insure, hard to sell and hard to defend in due diligence.

The 2025 Clearview class-action settlement illustrates that tension. Reuters reported that class members could receive a potential 23 percent stake tied to future company value, while the possible fund could be based on a percentage of the company’s value if it goes public, merges, sells or liquidates. In practical terms, the company’s future value is entangled with claims over the data practices that built it.

AI founders should read that as a caution. If the dataset creates the product, legal defects in the dataset infect the company. A startup cannot assume that growth will wash away provenance problems. Growth may make them larger.

Customers should also adjust. Police agencies, government buyers and enterprise clients should demand provenance warranties, audit rights, indemnities and clear deletion obligations. They should ask whether any regulator has ordered the vendor to stop processing or delete data. They should ask whether the product would comply with the EU AI Act’s prohibition on untargeted facial scraping if offered in Europe. A cheap or powerful tool can become expensive when litigation arrives.

The public needs rights that do not depend on finding themselves

A person cannot exercise rights over a database they do not know contains them. Clearview’s model makes individual action difficult because most people have no way to know whether they are included. Even if a person suspects inclusion, verifying it may require submitting another face image to the company. That is a poor privacy bargain.

Rights should not depend entirely on individual discovery. Regulators and courts should require database-level accountability. Vendors should have to publish categories of sources, collection periods, jurisdictions, deletion procedures, customer types, audit summaries and law enforcement-use statistics. They should provide meaningful opt-out or deletion rights where the law allows the database to exist. For high-risk biometric systems, independent audits should not be optional.

Police agencies should publish their own usage. How many searches were run? For what crime categories? Which systems were used? How often did searches lead to arrests? How often were results rejected? Were any errors found? Were defendants notified? Were searches run on protest images, immigration matters, minor offenses or victims? Without those answers, the public cannot evaluate necessity or proportionality.

Individual rights also need collective enforcement. BIPA’s private right of action made the ACLU settlement possible. GDPR regulators brought European actions. The OAIC and Canadian commissioners issued determinations and findings. Civil society groups such as noyb, ACLU and Privacy International pushed the issue. One person cannot realistically fight a 70-billion-image database alone.

Biometric privacy needs collective remedies because biometric surveillance is a collective harm. It affects the social conditions of anonymity, protest, association and movement, not only isolated data subjects.

The most defensible uses require narrow databases

There is a version of facial recognition that is easier to defend: narrow, consent-based, purpose-limited, auditable and time-limited. A phone unlocking system uses a face template stored on the device. A border-control system uses passport or visa images under statutory authority. A missing-person search may use a targeted dataset with judicial approval. A victim-identification tool may operate under strict child-protection rules.

Clearview chose the opposite architecture: broad, scraped, cross-platform, persistent and searchable for many investigations. That architecture maximizes utility but also maximizes civil liberties risk. The controversy follows from the architecture, not only from bad messaging.

Policy should distinguish narrow from broad uses. A blanket debate over “facial recognition” can miss the point. One-to-one verification with consent is different from one-to-many identification against billions of scraped images. A locked-device feature is different from a police search engine. A targeted warrant-based search is different from continuous database expansion from the internet.

The EU AI Act’s provision on untargeted scraping makes this distinction. It does not ban every biometric system. It prohibits a particular database-building practice because that practice creates mass-surveillance risk.

U.S. lawmakers should make similar distinctions. A federal biometric law could require consent for private collection, ban profit from faceprints without authorization, impose strict police-use rules, require warrants or court orders for certain searches, prohibit untargeted scraping for face databases, and create a private right of action. The absence of federal law leaves courts to patch the system case by case.

The Clearview story is not finished

Clearview has survived platform backlash, civil litigation, regulatory findings, fines and public criticism. Its website still markets facial recognition for law enforcement and related uses, still claims a massive database, and still frames the product around crime reduction, public safety and national security.

The legal record keeps moving. The U.S. class-action settlement received final approval in March 2025. The UK Upper Tribunal decision arrived in October 2025, with later permission to appeal noted by the ICO. Noyb filed its Austrian criminal complaint in October 2025. The EU AI Act’s prohibition on untargeted facial scraping now sets a legislative marker for future enforcement.

The outcome will influence more than Clearview. If regulators and courts manage to impose deletion, payment, customer restrictions or executive liability across borders, the AI scraping market will feel it. If Clearview continues operating largely through jurisdictional resistance, other companies may conclude that scale-first collection remains profitable.

The public should not treat the case as a settled scandal from the past. The database is larger now than when most people first heard the company’s name. The legal issues are sharper. The AI economy is more dependent on scraped data. Police interest in AI tools is broader. The stakes have grown.

Clearview’s case asks a question every AI regulator now faces: does the fact that data is visible make it available for any machine, any purpose and any buyer? The answer will shape not only facial recognition, but the rules of the next data economy.

Practical rules that would reduce the harm

A workable policy response does not need to wait for perfect federal legislation. Governments can act at several levels. Police agencies can ban use of face-search systems built from untargeted scraped images. City councils can require approval before procurement. Courts can require disclosure when facial recognition contributes to identification. State lawmakers can adopt biometric privacy laws with consent rights and private enforcement. Regulators can require deletion audits. Procurement offices can reject vendors that cannot prove lawful data provenance.

For law enforcement, the minimum rules should be strict. Face recognition should never be the sole basis for arrest. Officers should document the query image, system used, date, operator, candidate list, confidence information and follow-up steps. Agencies should require independent corroboration unrelated to the face-search result. Searches should be limited to serious crimes or clearly defined investigative purposes. Supervisory approval should be required. Defense disclosure should be mandatory when a search contributes to a suspect’s identification.

For vendors, the minimum rules should start earlier. No untargeted facial scraping. No biometric processing without a clear legal basis. No use of children’s images without special authority. No customer access without logs. No claims of accuracy without independent, scenario-relevant testing. No retention without a deletion schedule. No cross-border processing that evades local rights.

For platforms, anti-scraping efforts should become part of safety infrastructure. Platforms should detect automated extraction of face-heavy media, limit bulk access, support privacy-preserving sharing defaults, and provide users with clearer controls. They should also support legitimate research access through governed channels so privacy protections do not become a pretext for blocking accountability work.

For individuals, the options are limited but not meaningless. People can reduce public face exposure, adjust social media visibility, avoid unnecessary tagging, ask friends and organizations to remove images, and use jurisdiction-specific opt-out tools where available. These are defensive measures, not a fair allocation of responsibility. The burden should not sit mainly on individuals.

The deeper lesson is about power, not photos

The Clearview story began with photos, but the lasting issue is power. Who gets to identify whom? Who controls the infrastructure of recognition? Who decides that a face posted for one purpose can be reused for another? Who bears the risk of errors? Who profits from the database? Who can demand deletion? Who can audit police searches? Who knows when they were searched?

Clearview’s system made identification cheap for institutions and opaque for individuals. That is the power shift. The company’s defenders point to solved crimes and victim identification. Those benefits may be real. The critics point to mass enrollment, weak consent, hidden police use, wrongful arrest risk and chilling effects. Those harms are also real.

A society does not need to reject every investigative technology to reject a biometric free-for-all. It can allow narrow, accountable uses while banning indiscriminate scraping. It can support victim identification while refusing permanent enrollment of everyone online. It can permit police leads while requiring disclosure and corroboration. It can value public safety while protecting public anonymity.

The mistake is to treat the open internet as a consent machine. It is not. It is a messy human record filled with faces that appeared for reasons unrelated to police search. Clearview saw that record as a dataset. Regulators increasingly see it as a warning.

The central privacy principle should be simple: a face made visible for human life should not automatically become raw material for biometric surveillance. Clearview AI forced the world to confront that principle. The final answer will come from courts, legislatures, regulators, police departments, platforms and the public pressure that keeps the issue alive.

Questions readers ask about Clearview AI, facial recognition and scraped photos

Author:
Jan Bielik
CEO & Founder of Webiano Digital & Marketing Agency

This article is an original analysis supported by the sources cited below

Clearview AI facial recognition
Clearview AI’s public website describing its law enforcement facial recognition platform, claimed database scale, use cases and public-facing product positioning.

In big win, settlement ensures Clearview AI complies with groundbreaking Illinois biometric privacy law
ACLU of Illinois announcement describing the 2022 settlement restrictions under Illinois’ Biometric Information Privacy Act.

ACLU v. Clearview AI
ACLU case page summarizing claims, settlement terms and the role of Clearview’s faceprint database in biometric privacy litigation.

The Information Commissioner’s Office v Clearview AI Inc
UK government case page for the 2025 Upper Tribunal decision on data protection jurisdiction and Clearview AI.

UK Upper Tribunal hands down judgment on Clearview AI Inc
ICO statement summarizing the UK tribunal judgment, the earlier ICO fine and enforcement notice, and later appeal status.

The French SA fines Clearview AI EUR 20 million
European Data Protection Board summary of France’s CNIL enforcement action against Clearview AI.

Facial recognition Italian SA fines Clearview AI EUR 20 million
European Data Protection Board summary of Italy’s enforcement action, including fine, processing ban and erasure order.

Clearview AI breached Australians’ privacy
Australian OAIC announcement on the 2021 determination finding Clearview breached Australian privacy law.

Statement on Clearview AI
OAIC 2024 update confirming the original Australian determination and deletion declarations remained in place.

Clearview AI’s unlawful practices represented mass surveillance of Canadians, commissioners say
Office of the Privacy Commissioner of Canada news release describing Clearview’s practices as mass surveillance.

Joint investigation of Clearview AI, Inc.
Canadian federal and provincial privacy commissioners’ joint investigation into Clearview AI’s collection, use and disclosure of personal information.

Clearview AI faces criminal complaint in Austria for suspected privacy violations
Reuters report on noyb’s 2025 Austrian criminal complaint and Clearview’s claimed global image scale.

Criminal complaint against facial recognition company Clearview AI
Noyb statement on its criminal complaint against Clearview AI and its view of failed administrative enforcement.

Clearview AI fined by Dutch agency for facial recognition database
Reuters report on the Dutch data protection authority’s €30.5 million fine and Clearview’s jurisdictional response.

US judge approves novel Clearview AI class action settlement
Reuters report on the 2025 approval of Clearview’s nationwide privacy class-action settlement.

In Re Clearview AI Inc Consumer Privacy Litigation
Justia publication of the federal court memorandum opinion and order granting final approval of the settlement.

Clearview AI scraped 30 billion images from Facebook and other social media sites
Business Insider report on Clearview’s 30-billion-image database, Facebook and social media scraping, police use and company response.

Facebook has sent a cease-and-desist letter to facial recognition startup Clearview AI
Business Insider report on Facebook’s 2020 cease-and-desist demand over Clearview’s alleged scraping.

Tech giants hammer facial recognition startup
Axios report on cease-and-desist letters from major technology platforms and early law enforcement use reporting.

Facial recognition technology federal law enforcement agencies should better assess privacy and other risks
U.S. Government Accountability Office report on federal law enforcement use of facial recognition and weak tracking of non-federal systems.

Facial recognition services federal law enforcement agencies should take actions to implement training and policies for civil liberties
GAO report on federal agency training, policy and civil liberties gaps in facial recognition services.

Face recognition vendor test part 3 demographic effects
NIST publication page for the demographic-effects study on face recognition performance differences.

Demographic effects in face recognition
NIST FRTE demographic-effects page tracking current indicators for false positive and false negative demographic effects.

Artificial Intelligence Act MEPs adopt landmark law
European Parliament announcement summarizing the AI Act’s bans, including untargeted scraping of facial images for facial recognition databases.

Regulation EU 2024/1689 Artificial Intelligence Act
Official EUR-Lex text of the EU AI Act, including Article 5 prohibitions and penalty provisions.

Illinois Biometric Information Privacy Act
Official Illinois statutory text defining biometric identifiers, consent requirements, retention duties and private right of action.

Williams v. City of Detroit
ACLU case page on Robert Williams’ wrongful arrest after a false facial recognition match.

Civil rights advocates achieve the nation’s strongest police department policy for facial recognition technology
ACLU of Michigan statement on Detroit facial recognition reforms following wrongful arrest litigation.