A. Unauthorized Collection of Facial Recognition Data

One morning in January 2020, New York Times reporter Kashmir Hill discovered a peculiar app.

Built by Australian developer Hoan Ton-That, the app could take a photo of someone, upload it, and within one second reveal who that person was, where they worked, and what they had done online. The app was called Clearview AI.

The moment Kashmir Hill understood how this app worked, she decided to write the story.

A face is not like a password. If your password leaks, you change it. If you lose your credit card, you get a new one. But you cannot change your face. Your face is an unalterable ID card you carry for life. The moment someone copies that ID card and puts it in a database, you become a product stamped with a permanently trackable barcode. This is why biometric data is fundamentally different from other personal information.

(1) Clearview AI U.S. BIPA Class Action Settlement

Hoan Ton-That scraped photos from Facebook, Instagram, LinkedIn, and Venmo.

Scraping refers to programs that automatically collect information from web pages. It is not like borrowing a book from a library. It is like feeding every book in the library through a photocopier.

He collected more than 30 billion facial images this way. From those images he extracted the geometric structure of each face, the distances between eyes, nose, and mouth, the angle of the jawline, and similar features, creating digital fingerprints called "face templates."

This database was sold to police. When an officer uploaded a suspect's photo, Clearview AI would find every matching photo and link across the internet. It was a convenient tool. But there was one problem. Not a single person whose photo was in that database had ever consented to having their face used this way.

This is where Illinois enters the picture. In 2008, this Midwestern state passed a unique law.

The Biometric Information Privacy Act, or BIPA. This law requires companies to obtain written consent before collecting or storing an individual's biometric data. And it contains one provision that makes it fearsome: victims can file lawsuits themselves. Most privacy laws work by having the government punish companies. BIPA gave individual citizens the power to take companies to court.

The litigation dam burst.

By January 2021, eleven class action lawsuits filed in Illinois, California, New York, and Virginia were consolidated in the U.S. District Court for the Northern District of Illinois. The plaintiffs' argument was straightforward. Clearview AI collected our faces without our consent. Under BIPA, that means statutory damages of at least $1,000 to $5,000 per violation. Illinois has a population of 12 million. Run the numbers and you get an astronomical figure.

The problem was that Clearview AI was a startup. No matter how high its valuation, it had no cash. It could not pay billions of dollars in damages. So in June 2024, an unprecedented settlement was reached. Instead of cash, the company would give equity.

On March 20, 2025, U.S. District Judge Sharon Johnson Coleman gave final approval to the settlement. Clearview AI agreed to provide the plaintiffs with a 23% stake in the company, valued at approximately $51.75 million. The judge found the settlement "fair, reasonable, and adequate when compared to similar BIPA settlements." The agreement came with additional conditions.

Clearview AI was permanently banned from selling database access to private companies and individuals in the United States. It was prohibited from providing services to any entity in Illinois, including police, for five years. The dream of becoming "a Google where you can search anyone's face" became illegal, at least in the American private market.

I will now explain the controversies within the European Union regarding this service, its entanglement with the Trump administration, and how it became a spearhead in the destruction of the Fourth Amendment's warrant requirement.

In the summer of 2025, a small startup based in New York ranked 710th on the Inc. 5000 list, a ranking of the fastest-growing companies in America. A year earlier, the company had been at 1,820th. It jumped 1,100 spots. It was Clearview AI.

During the same period, the company had been hit with fines totaling more than 100 million euros (approximately 145 billion Korean won) across Europe. The Netherlands: 30.5 million euros. France: 25.2 million euros. Italy: 20 million euros. Greece: 20 million euros. The United Kingdom: 7.5 million pounds. The reason was the same everywhere. You stole people's faces.

Clearview AI did not pay a single cent.

A Company Built by Grinding Up Faces. Hoan Ton-That was a developer from Australia. In 2017, in Manhattan, he had a simple idea. Billions of photos are publicly available on the internet. What if he extracted faces from those photos and analyzed the geometric patterns of each face to create digital fingerprints? With just one photo of someone, he could track down every trace that person had left online.

He used a technique called scraping. He collected photos from Facebook, Instagram, LinkedIn, and Venmo. Not like borrowing a book from a library, but like feeding every book in the library through a photocopier. As of 2025, his database holds more than 30 billion facial images. That is enough to contain the face of every human on Earth more than seven times over.

He sold this database to police. When an officer uploaded a suspect's photo, the person's identity and online activity record appeared on screen within one second. It was a convenient tool.

There was one problem. Not a single owner of those 30 billion photos had ever consented to having their face used this way.

Europe's Fury. Starting in 2022, European data protection authorities began investigating Clearview AI one after another. The conclusion was the same in every country. Illegal.

France's data protection authority, CNIL, imposed a fine of 20 million euros in October 2022. When Clearview AI failed to comply with the order to delete data, CNIL added another 5.2 million euros in May 2023. Italy and Greece each imposed 20 million euros as well.

In September 2024, the Dutch Data Protection Authority sent the strongest message. Alongside a fine of 30.5 million euros, Chair Aleid Wolfsen issued an extraordinary warning.

"We are investigating whether we can prosecute this company's directors personally. If the executives knew about the GDPR violations and had the authority to stop them but chose not to, they bear personal liability."

Chair Wolfsen had effectively issued a European travel ban on Clearview AI's executives.

Jack Mulcaire, Clearview AI's chief legal officer, responded: "Clearview AI has no place of business in the Netherlands or the EU. The GDPR does not apply to us."

The United Kingdom took a different path. In May 2022, the UK Information Commissioner's Office (ICO) imposed a fine of 7.5 million pounds. Clearview AI appealed, and in October 2023 the first-instance tribunal delivered a surprising ruling. The ICO had no jurisdiction. The judge's reasoning went like this: Clearview AI's customers are all foreign law enforcement agencies. Foreign national security and law enforcement fall outside the scope of UK GDPR. Therefore Clearview AI also falls outside its scope.

The ICO appealed. In June 2025, a three-day hearing took place in the Upper Tribunal. Privacy International, a civil liberties organization, intervened on the ICO's side.

On October 7, 2025, the Upper Tribunal overturned the first-instance ruling. The central issue was the definition of "behavior monitoring." Clearview AI argued it was not actively surveilling people. It was merely collecting publicly available photos.

The court disagreed. "Behavior monitoring includes the passive collection, categorization, and storage of data. Preparing data so that third parties can use it for profiling purposes is itself monitoring."

The final sentence of the ruling was striking. "This case is remitted to the First-tier Tribunal for a hearing on the merits. The ICO does have jurisdiction."

Clearview AI stated it would appeal.

A Peculiar Settlement in America. While fines rained down in Europe, a different kind of battle was unfolding in the United States.

Illinois was the only state that had enacted the Biometric Information Privacy Act (BIPA) in 2008. What made this law unique was that victims could sue companies directly. Most privacy laws allow only the government to punish companies. BIPA gave individual citizens the right to bring lawsuits.

In January 2021, eleven class action lawsuits from four states, including Illinois, were consolidated into one. The plaintiffs' argument was straightforward. Clearview AI collected our faces without our consent. Under BIPA, damages of $1,000 to $5,000 per violation are possible. Illinois has 12 million residents. Run the numbers and you reach billions of dollars.

The problem was that Clearview AI had no cash. It was a startup. No matter how high the company's valuation, it did not have the money to pay damages. In June 2024, an unprecedented settlement was announced. Instead of cash, the company would hand over equity.

On March 20, 2025, U.S. District Judge Sharon Johnson Coleman gave final approval. Clearview AI will provide the plaintiffs with a 23% stake in the company, valued at approximately $51.75 million. The stake will be converted to cash when the company goes public or is acquired.

Attorneys general from 22 states filed objections. Their argument went like this: this settlement ties victims' compensation to Clearview AI's future success. The victims become shareholders of the very company that violated their privacy. Is this a "fair, reasonable, and adequate" settlement?

The judge ruled that it was. "Litigation costs could bankrupt the company, and then the victims would receive nothing. This settlement is the realistic option."

A peculiar outcome was born. The more successful Clearview AI becomes, the larger the victims' payout grows. The victims now have a reason to root for Clearview AI's success.

The Honeymoon with the Federal Government. In February 2025, Hoan Ton-That stepped down from the CEO position. He had been demoted from the top executive role in December 2024, and now he left the management front entirely. He remained on the board of directors.

Hal Lambert and Richard Schwartz took over as co-CEOs. Lambert was an early investor who had participated in fundraising for President Trump's campaign. Schwartz was a co-founder. The new leadership's strategy was clear: the federal government.

On September 5, 2025, Homeland Security Investigations under Immigration and Customs Enforcement (ICE) signed a $9.2 million contract with Clearview AI. It was the largest federal contract in the company's history, four times the $2.3 million contract from 2021.

The contract specified two purposes: investigating child sexual exploitation crimes, and investigating "assaults on law enforcement officers."

The second purpose drew controversy. With the Trump administration's mass deportation operations underway, there were concerns that facial recognition technology could be used to identify people who resist ICE agents.

There was an irony here. In Illinois, Clearview AI is prohibited from providing services to police. That was one of the conditions of the BIPA lawsuit settlement. But the prohibition does not apply to federal agencies. ICE agents can use Clearview AI in Illinois. Local police cannot use the same technology that federal agents freely use in the same location.

Clearview AI's annual recurring revenue in 2025 is $16 million. Co-CEO Lambert said he would triple it next year. The company's private market valuation is estimated between $1.2 billion and $1.6 billion. An initial public offering (IPO) is expected in the third or fourth quarter of 2025.

Total fines imposed in Europe: approximately 100 million euros. Amount paid by Clearview AI: zero euros.

Total settlements in the United States: $51.75 million (in equity). Cash spent by Clearview AI: zero dollars.

Total federal government contracts: $9.2 million (2025 ICE contract alone). Expected IPO valuation: $1.2 billion to $1.6 billion. Dutch Data Protection Authority chair Wolfsen was blunt: "Other data protection authorities have already fined Clearview AI, but the company does not seem to change its behavior."

The problem is enforcement. Clearview AI has no office in Europe. No employees. No bank accounts. All European data protection authorities can do is impose fines. There is no way to collect the money.

International law has no mechanism for enforcing administrative fines across borders. The GDPR is called "the world's first global data protection law," but if a company headquartered in the United States decides to ignore European regulations, there is currently no way to compel compliance.

A legal consultant in the United Kingdom put it this way: "The Upper Tribunal's ruling is a victory for the ICO. But it may be a hollow victory. What method is there to enforce a 7.5 million pound fine against a company with no assets in the UK?"

Surveillance Without Warrants: The Constitutional Blind Spot. The most fundamental debate surrounding Clearview AI has not yet been squarely addressed in court: the Fourth Amendment and the warrant requirement.

The Fourth Amendment is explicit: "The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated, and no Warrants shall issue, but upon probable cause, supported by Oath or affirmation, and particularly describing the place to be searched, and the persons or things to be seized."

In plain terms, it means this: if the police want to search your home, they must go to a judge and obtain a warrant. They must explain specifically why they need to search you and what they are looking for. This is the principle the U.S. Constitution has upheld since the founding of the nation.

Clearview AI bypasses this principle. A police officer uploads a single photo taken on the street to Clearview AI. Within one second, that person's name, social media accounts, and online activity records appear on screen. No warrant is required. No judicial approval is needed. The person does not even need to be a criminal suspect. Anyone can be searched.

A paper from Fordham University School of Law addressed this issue directly: "Using Clearview AI to support warrant applications runs counter to established legal standards." The paper advanced two core arguments. First, the Supreme Court has recognized that constitutional protections in the digital age must adapt to technological advances. Second, Clearview AI searches demonstrate the unique capacity of digital surveillance to circumvent traditional privacy safeguards.

There is a more serious problem: errors.

In Detroit, a man named Robert Williams was arrested in front of his family. A facial recognition system had identified him as a theft suspect. He was innocent. In New Jersey, a man named Nijeer Parks was jailed for ten days. Again, it was a facial recognition error. Both men were Black.

Studies consistently report that facial recognition technology produces higher error rates for people of color. A single incorrect match can send an innocent person to jail. And through all of this, no warrant is required.

In 2021, Democratic and Republican lawmakers together introduced the "Fourth Amendment Is Not For Sale Act." The bill had two core provisions: prohibiting the purchase of data from services like Clearview AI, and requiring a warrant to obtain location information.

Kate Ruane, senior legislative counsel at the ACLU, said: "This bill would prevent government agencies from circumventing constitutional protections by purchasing data they could not obtain without a warrant." The bill did not pass.

The Grand Confusion That Clearview AI Revealed. Clearview AI's story exposes the tensions between technology and law, privacy and safety, borders and jurisdiction.

On one side, people say the company helps catch criminals, find missing children, and rescue trafficking victims. The company's website lists success stories: police solving decades-old cold cases.

On the other side, people say the company violated the privacy of people around the world. It collected faces without consent to build a database. It created a world where anyone can be tracked. And above all, it used technology to neutralize the warrant requirement that the Fourth Amendment upheld for more than 200 years.

Clearview AI is illegal in Europe. In the United States, it is one of the fastest-growing companies. Illinois police cannot use it, but ICE agents operating in the same state of Illinois can. The victims became shareholders and now find themselves in the position of hoping for the company's success. Constitutional scholars warn it violates the warrant requirement, but the federal government paid $9.2 million to purchase the service.

30 billion facial images. 100 million euros in fines. A $9.2 million government contract. A $1.6 billion valuation. And millions of faces searched without a single warrant.

Some call this the end of privacy. Some call it a revolution in public safety. Some call it a constitutional blind spot. No answer has emerged yet. Perhaps there is no answer. One thing is certain: your face is likely already in that database. And the police do not need a warrant to search for you.

(2) The Rite Aid Case: FTC Order Banning Facial Recognition Use

If Clearview AI built the tools of surveillance, Rite Aid was the company that used them.

This pharmacy chain, spread across the United States, adopted facial recognition technology to prevent theft. The logic was straightforward.

Put the faces of past shoplifters into a database, and when they walk into a store again, trigger an alert. It seemed like an efficient way to cut costs while tightening security.

But the system had a fatal flaw. It was not accurate.

From 2012 to 2020, Rite Aid contracted with two outside vendors to build a "subjects of interest" database. It included photos of past theft suspects, low-resolution images captured from CCTV, and even photos taken on employees' personal phones.

Rite Aid never verified the quality of these images. It never tested accuracy. The vendors' contracts included a disclaimer stating they "make no guarantees regarding the accuracy or reliability of results."

The results were predictable. The system generated thousands of false positives. It matched a shoplifter registered thousands of miles away with a customer walking into a store. It flagged the same person as a thief repeatedly at dozens of stores across the country. According to the Federal Trade Commission (FTC) investigation, the errors were not random. False identification rates were disproportionately high among Black, Asian, and female customers. Innocent people were accused of theft. Employees rushed over and followed customers around the store. They made people open their bags. They publicly humiliated them in front of family and friends. Some were reported to the police. This was not a technical glitch. It was automated discrimination.

On December 19, 2023, the FTC announced a historic action: a complete ban on Rite Aid's use of facial recognition technology for the next five years.

It was the first time the FTC had issued a use prohibition against a private company for facial recognition misuse. Samuel Levine, Director of the FTC's Bureau of Consumer Protection, said: "Rite Aid's reckless use of facial surveillance systems inflicted humiliation and other harms on its customers."

The prohibition order included stronger provisions.

Rite Aid was required to delete all facial photos and video collected through its past system. It also had to destroy all AI models and algorithms built using that data. This is called "Algorithmic Disgorgement."

The principle is that AI models trained on unlawfully collected data must be destroyed along with their outputs. The logic follows the fruit of the poisonous tree doctrine: fruit from a poisoned tree is also poisoned.

The Rite Aid case left two lessons. First, when a company deploys an AI tool without verifying its accuracy and bias, the company bears responsibility. The excuse "a vendor built it, so we bear no responsibility" does not hold. Second, regulators can go beyond fines and ban the use of a technology itself. If a company lacks the ability to properly control a technology, it should not use it at all.

B. Data Scraping and Personal Information

We think the internet is free. Google searches, Facebook posts, sharing photos on Instagram, all of it costs nothing.

But there's a truth that anyone who has worked on Wall Street long enough knows. "If you're not paying for the product, you are the product."

Over the past twenty years, we poured our daily lives into social media. Photos from a child's birthday party, political opinions, restaurant reviews, frustrations at work. All of it was 'public' data. We posted these things to connect with friends.

But for AI companies, this data was a California gold rush. Companies like OpenAI, Google, and Anthropic vacuumed it all up like giant industrial hoovers. They called it 'scraping.'

(1) The Controversy Over Using Social Media Data for AI Training

In August 2024, LinkedIn quietly updated its privacy policy. A new settings menu appeared.

It was a toggle button labeled 'Data for Generative AI Improvement.' The problem was that this toggle was switched on by default. Unless a user deliberately found and turned it off, LinkedIn could automatically use their posts and profile information for AI training.

In September, LinkedIn updated its privacy policy again. This time it explicitly stated that user data would be used for generative AI training. The order was reversed. Normally, you change the policy first, then collect the data. But LinkedIn started collecting data first and changed the policy afterward. In January 2025, a class action lawsuit was filed in the U.S. District Court for the Northern District of California. The plaintiff was a LinkedIn Premium subscriber. His claim was alarming: LinkedIn had used private messages for AI training. According to the complaint, LinkedIn provided Premium customers' personal messages to third parties to train AI models, without adequate notice or consent procedures for users.

LinkedIn denied the allegations. They stated they had not used private messages for AI training. The lawsuit was voluntarily dismissed by the plaintiff nine days after filing. But the debate it sparked did not disappear.

The core question is this: does posting on a platform constitute consent to AI training? When you uploaded your resume to LinkedIn, you intended for recruiters to see it. When you sent a message to a friend, you meant to communicate with that friend. Does that mean it's acceptable for an AI company to use it to build a multi-billion-dollar model?

This debate is not limited to LinkedIn.

In 2024, Meta notified European users that it would use their posts for AI training based on 'legitimate interest.' The plan was suspended after fierce pushback from European data protection authorities and the civil society group noyb.

X (formerly Twitter) drew criticism for setting user data to be used for training by default when it launched Grok AI. Reddit signed a data licensing deal with Google and began selling user-generated content to AI companies.

In October 2025, LinkedIn changed its policy again. This time it announced that data from users in Europe, the UK, Canada, and Hong Kong would also be used for AI training. The data went as far back as 2003. Users who did not opt out by November 3 were automatically deemed to have consented. Europe's GDPR has been putting the brakes on data collection based on 'legitimate interest.'

But companies keep finding ways around it. This is a war between platform companies and AI companies, and the users who actually own the data are sidelined. Users have the right to refuse having their data used for AI training. But exercising that right requires navigating complex settings menus through multiple steps. Most people don't even know those settings exist.

A paper published in the California Law Review in October 2025 called this situation the "Great Scrape." The authors wrote: "Scraping violates nearly every core principle of privacy law: fairness, individual rights and control, transparency, consent, purpose specification, and data minimization." Privacy law faces a new challenge in the age of AI. How will the law respond?

(2) The Right to Be Forgotten and AI Models: The Challenge of Unlearning Personal Data

Article 17 of Europe's GDPR establishes the 'right to be forgotten.' A data subject can demand deletion of their personal information when it is no longer necessary or when they withdraw consent.

In a traditional database, this is straightforward. Delete a row from a spreadsheet and you're done. Remove a record from a customer management system and that's that.

But an AI model is not a spreadsheet.

You need to understand what it means for an AI model to 'learn' from data. AI doesn't store data as-is. It reads hundreds of billions of texts and extracts patterns from them. These patterns are converted into billions of parameters, numerical weights. A neural network of these numbers, tangled in complex ways, is an AI model.

Here's an analogy. You ordered a cake from a baker. The baker mixed flour, sugar, eggs, and butter, then baked it in the oven. After the cake is finished, you say: "Excuse me, could you remove just the sugar from this cake?" Is that possible? The sugar has already been mixed with the flour and eggs and chemically transformed. To remove the sugar, you'd have to throw away the entire cake and bake a new one from scratch.

AI models work the same way. If a specific individual's data was used in model training, the 'influence' of that data has been dispersed across billions of parameters, dissolved into them. Precisely locating and removing the influence of specific data is virtually impossible with current technology.

The technology attempting to solve this problem is called 'Machine Unlearning.' It's similar to training your brain to selectively forget a phone number you've already memorized. Researchers are developing methods to estimate the influence of specific data and adjust parameters in a direction that cancels that influence. But guaranteeing complete deletion remains difficult.

A paper published in Tech Policy Press in May 2025 declared: "The right to be forgotten is dead. Data lives forever inside AI." The author pointed out that while GDPR Article 17 mandates deletion, it does not define what deletion means in the context of AI. The European Data Protection Board (EDPB) determined that AI developers may be considered data controllers under GDPR, but clear guidelines on how to enforce deletion within AI systems do not yet exist.

OpenAI's GPT-4 uses 1.8 trillion parameters. The dataset exceeds petabytes. This dataset is continuously recycled to learn patterns and inferences.

Verifying that an individual's data has been completely deleted is practically impossible. An even bigger problem is something called a 'model inversion attack,' a technique for reverse-extracting original training data from a trained model. Even if the AI has supposedly 'forgotten' certain data, does deletion mean anything if an attacker can reconstruct that data?

The law can say "delete it." But technology asks back: "What counts as deletion?" This gap is the hardest challenge facing privacy law in the age of AI.

The FTC has offered one solution: algorithmic disgorgement.

If a model was built with illegally collected data, the model itself must be destroyed. In the Rite Aid case and the Weight Watchers Kurbo app case, the FTC applied this principle. The logic: an AI model built on tainted data is like fruit from a poisoned tree. If you can't extract specific data from it, discard the entire model.

This puts enormous pressure on AI companies. Retraining a model like GPT-4 from scratch costs hundreds of millions of dollars. If a multi-hundred-million-dollar model must be scrapped every time someone files a deletion request, the business model itself collapses.

The solution lies not in after-the-fact remedies, but in prevention.

Design that accounts for deletion from the start is necessary. Techniques like SISA (Sharded, Isolated, Sliced, Aggregated), which trains on data broken into small pieces so that only the relevant shard needs retraining when a deletion request arrives, are being researched. A data governance framework that tracks the provenance of training data, records consent status, and can respond when requests come in is essential. The right to be forgotten is the last safeguard preventing AI from becoming a monster that simply devours data. At the intersection of technical standards and legal guidelines, the future of AI ethics will be decided. Scraping begins as a problem of collection, but unlearning ends as a problem of accountability. Companies must realize that hoarding 'more' data is not the answer; the survival stakes are in the filtering work of selecting only 'safe' data. Because soup made from dirty water cannot be sold, no matter how good it tastes.