OTTAWA—The RCMP broke the law by using cutting-edge facial-recognition software to collect personal information, the federal privacy watchdog has found.
In a report Thursday, privacy commissioner Daniel Therrien said there were serious and systemic failings by the RCMP to ensure compliance with the Privacy Act before it gathered information from U.S. firm Clearview AI.
Clearview AI’s technology allows for the collection of huge numbers of images from various sources that can help police forces, financial institutions, and other clients identify people.
In a related probe, Therrien and three provincial counterparts said in February that Clearview AI’s technology resulted in mass surveillance of Canadians and violated federal and provincial laws governing personal information.
They said the New York-based company’s scraping of billions of images of people from across the internet was a clear violation of Canadians’ privacy rights.
Therrien announced last year that Clearview AI would stop offering its facial-recognition services in Canada in response to the privacy investigation.
The move included suspension of the company’s contract with the RCMP, its last remaining client in Canada.
The commissioner’s office said Thursday it remains concerned that the RCMP did not agree with the conclusion that it contravened the Privacy Act.
While the commissioner maintains the RCMP was required to ensure the Clearview AI database was compiled legally, the police force argued doing so would create an unreasonable obligation.
Therrien said this is the latest example of how public-private partnerships and contracting relationships involving digital technologies are creating new complexities and risks for privacy.
He encouraged Parliament to amend the Privacy Act to clarify that federal institutions have an obligation to ensure the organizations from which they collect personal information have acted lawfully.
In the end, the RCMP agreed to implement the privacy commissioner’s recommendations to improve its policies, systems and training, the watchdog said.
The measures include full privacy assessments of the data-collection practices of outside parties to ensure any personal information is gathered in keeping with Canadian privacy law.
The RCMP is also creating an oversight function to ensure new technologies are introduced in a manner that respects privacy, the commissioner said.
Implementing the changes will require broad and concerted efforts across the national police force, Therrien’s report said.
“We strongly encourage the RCMP to dedicate the sustained resources and senior-level championing necessary for successful implementation of its commitment to the recommendations.”
Friends Read Free