Clearview AI built the world's largest known facial recognition database by scraping over 30 billion photographs from Facebook, Instagram, YouTube, and other platforms without user consent or platform authorization. The company sold access to over 3,100 law enforcement agencies and private corporations globally. Courts and regulators in Canada, the UK, France, Italy, Australia, and multiple US states have found the company violated privacy laws and ordered data deletion. The technology remains operational and its founder maintains that privacy expectations are outdated.
In January 2020, The New York Times published an investigation that exposed a technology company most Americans had never heard of: Clearview AI, a startup that had built the largest known facial recognition database in the world by scraping over 3 billion photographs from Facebook, Instagram, YouTube, Twitter, Venmo, and millions of other websites. The company had done this without asking permission from the platforms, without notifying the people whose faces were captured, and without any legal authority to collect biometric data on such a scale.
The revelation sparked immediate controversy. Within weeks, major technology platforms sent cease-and-desist letters. Civil liberties organizations filed complaints with regulators in multiple countries. Privacy commissioners launched investigations. And law enforcement agencies that had quietly used the technology for years were forced to acknowledge that they had deployed a mass surveillance tool without public disclosure or oversight.
By 2024, Clearview AI's database had grown to over 30 billion images—enough to represent approximately half of the United States population—and the company continued to operate despite court orders in multiple countries demanding data deletion and fines totaling tens of millions of dollars.
Clearview AI's technology functions through a simple interface. A law enforcement officer, corporate security employee, or other authorized user uploads a photograph—perhaps from security camera footage, a crime scene, or any other source. The system analyzes the facial features in the photograph and compares them against Clearview's database of billions of images. Within seconds, it returns potential matches along with links to the websites where those matching images appeared.
This capability differentiates Clearview from traditional law enforcement facial recognition systems, which typically compare images only against government databases of driver's license photos, mugshots, and visa applications. Clearview searches the open internet, incorporating any photograph ever posted to a public website or social media profile, regardless of whether the person depicted has any interaction with law enforcement.
The company's founder, Hoan Ton-That, described the scraping process in technical documentation obtained by journalists: Clearview developed automated crawlers that systematically copied images from websites, extracted the faces using computer vision algorithms, converted each face into a mathematical representation called a facial signature, and indexed these signatures to enable rapid searching. The system retained links to the original sources, allowing users to see where matches appeared online.
According to internal documents from 2020 obtained by BuzzFeed News, Clearview's system had conducted over 500,000 searches for law enforcement agencies by February of that year. Each search potentially implicated dozens or hundreds of individuals whose photographs happened to match the query image with sufficient algorithmic confidence.
Hoan Ton-That, an Australian entrepreneur who co-founded Clearview AI in 2017, articulated an explicit philosophy defending the company's data collection practices. In a January 2020 interview with The New York Times shortly after the company's existence became public, Ton-That stated: "There is no expectation of privacy for photos posted publicly online."
"Privacy is not a social norm anymore."
Hoan Ton-That, CEO of Clearview AI — The New York Times, 2020This position—that public posting equals universal consent for any use—formed the legal and ethical foundation of Clearview's business model. The company argued that because its crawlers only accessed publicly available information, the same information that any person could theoretically access by manually searching the internet, the automated mass collection of this data did not violate privacy laws.
Ton-That's co-founder, Richard Schwartz, brought law enforcement connections from his previous work as an aide to former New York City Mayor Rudy Giuliani. Schwartz leveraged these relationships to market Clearview to police departments, offering free trials and emphasizing the technology's potential to solve crimes. Together, the founders positioned Clearview as a tool for public safety, arguing that restricting the technology would hamper law enforcement's ability to identify suspects, locate missing persons, and investigate crimes.
Privacy advocates and legal scholars rejected this framing. They argued that individuals who post photographs to social media expect those images to be viewed by their social networks, not incorporated into a law enforcement database accessible to thousands of government employees and corporations. The context of disclosure matters: consenting to share a photo with friends does not equate to consenting to perpetual government surveillance.
Documents obtained through public records requests revealed that between 2017 and 2020, Clearview AI had sold or provided access to more than 3,100 law enforcement agencies in the United States. The client list included local police departments, sheriff's offices, state police agencies, and federal law enforcement including Immigration and Customs Enforcement (ICE), the Federal Bureau of Investigation (FBI), and the Department of Homeland Security.
The New York Police Department emerged as one of Clearview's largest municipal customers. According to investigations by The New York Times and The Intercept, NYPD detectives had conducted more than 11,000 searches using Clearview by early 2020. The department used the technology without formal contracts, without informing the New York City Council, and without establishing policies governing its use—a pattern replicated in jurisdictions across the country.
At the federal level, ICE became a major customer. Documents obtained by BuzzFeed News through Freedom of Information Act requests showed that ICE's Homeland Security Investigations division used Clearview in cases involving human trafficking, child exploitation, and identity verification. The use of Clearview by immigration enforcement agencies raised particular concerns among immigrant rights advocates, who noted that the technology could be used to identify and locate undocumented immigrants based on photographs posted to social media, creating a surveillance system that would chill immigrants' willingness to engage in online expression.
Many agencies adopted Clearview through informal channels. Individual officers would sign up for free trials, use the technology in investigations, and only later would departments discover that employees had accessed a commercial surveillance tool without authorization or oversight. This decentralized adoption pattern meant that even agencies' leadership was sometimes unaware of how extensively their personnel used Clearview.
A 2021 Government Accountability Office report examining federal use of facial recognition technology found that several Department of Homeland Security components, including ICE, had used Clearview without conducting required privacy impact assessments or establishing adequate oversight procedures, in violation of federal policy.
When Clearview AI's practices became public in January 2020, major technology platforms responded with legal threats. Facebook, Google (owner of YouTube), Twitter, and LinkedIn all sent cease-and-desist letters to Clearview demanding the company stop scraping their platforms and delete previously collected data.
Facebook's letter, sent in February 2020, stated that Clearview's scraping violated the platform's Terms of Service, which "prohibit the use of our services or tools to build facial recognition databases or products." The company threatened legal action if Clearview did not comply. A Facebook spokesperson said: "Scraping people's information violates our policies, which is why we've demanded that Clearview stop accessing or using information from Facebook or Instagram."
Google sent a similar letter, noting that YouTube's Terms of Service "explicitly forbid collecting data that can be used to identify a person." Twitter's cease-and-desist cited violations of rules prohibiting data scraping and derivative works. LinkedIn's letter emphasized that users who post professional photographs to their profiles do not consent to those images being used for law enforcement surveillance.
Clearview's response was to largely ignore these demands. In interviews, Ton-That argued that the company was protected by the First Amendment right to collect publicly available information, a position that had some support in case law regarding data journalism and web crawling, but had never been tested in the context of biometric mass surveillance.
Court documents from subsequent litigation revealed that Clearview continued to maintain images scraped from these platforms in its database even after receiving cease-and-desist letters. The company's position was that once data had been collected from public sources, it could not be compelled to delete it.
As Clearview's operations came under scrutiny, privacy regulators in multiple countries initiated investigations. The responses were remarkably consistent: authorities across different legal systems found that Clearview violated fundamental privacy principles.
In February 2021, the Office of the Privacy Commissioner of Canada, together with provincial privacy authorities in Quebec, British Columbia, and Alberta, released findings from a joint investigation concluding that Clearview AI violated Canadian privacy law. Privacy Commissioner Daniel Therrien stated that Clearview's business model amounted to "mass surveillance" and was "illegal" under the Personal Information Protection and Electronic Documents Act (PIPEDA).
The investigation found that Clearview collected highly sensitive biometric information without consent, that individuals had no reasonable expectation their images would be used for facial recognition, and that the collection was not limited to what was necessary for any legitimate purpose. The Commissioner ordered Clearview to cease offering services in Canada, stop collecting images of Canadians, and delete images of Canadians already in its database.
Clearview initially contested these findings but announced in July 2021 that it would comply with the order and stop offering services in Canada. However, subsequent investigation by Canadian journalists suggested that the company had not fully deleted Canadian data and that the technical challenges of identifying and removing images of Canadian citizens from a 30-billion-image database made meaningful compliance nearly impossible.
In May 2022, the UK Information Commissioner's Office (ICO) issued a final decision fining Clearview AI £7.5 million (approximately $9 million) and ordering the company to delete all data relating to UK residents. The ICO found that Clearview had violated UK General Data Protection Regulation (UK GDPR) provisions requiring lawful basis for data processing, transparency, and data minimization.
Information Commissioner John Edwards stated: "Clearview AI Inc has collected multiple images of people all over the world, including in the UK, from a variety of websites and social media platforms, creating a database with more than 20 billion images. The company not only enables identification of those people, but effectively monitors their behaviour and offers it as a commercial service."
The ICO's order specifically required Clearview to cease offering services to UK organizations, including law enforcement. As of 2024, Clearview had not paid the fine and UK authorities reported difficulty enforcing the deletion order against a company with no physical presence in the UK.
In October 2022, France's Commission Nationale de l'Informatique et des Libertés (CNIL) imposed a €20 million fine on Clearview AI for violations of the European Union's GDPR. The fine represented one of the largest GDPR penalties imposed on a facial recognition company.
CNIL found that Clearview had unlawfully collected and processed biometric data of French residents, failed to obtain required consent, failed to provide adequate information about data collection, and failed to facilitate data subject rights including the right to erasure. The authority stated that "the company CLEARVIEW AI collected and processed data on a massive scale, including in France" in a manner that "disregarded people's right to information, right to access, right to data portability, right to object, and right to erasure."
CNIL ordered Clearview to cease collecting and processing data on French residents within two months and to facilitate the exercise of data subject rights. Like the UK fine, the French penalty remained unpaid as of 2024, and enforcement proved challenging given Clearview's lack of European operations.
Italy's Data Protection Authority (Garante) imposed a €20 million fine in March 2022, finding that Clearview had processed Italian residents' biometric data without legal basis. The Australian Privacy Commissioner found in November 2021 that Clearview breached Australian Privacy Principles by collecting sensitive information without consent and interfering with privacy by collecting facial images and biometric templates "secretly, without consent or the knowledge of the individuals concerned."
While the United States lacks comprehensive federal biometric privacy legislation, several states have enacted laws regulating the collection of biometric data. Illinois' Biometric Information Privacy Act (BIPA), passed in 2008, is the strongest of these statutes, requiring companies to obtain written consent before collecting fingerprints, voiceprints, or facial geometry data.
In May 2020, the American Civil Liberties Union (ACLU) of Illinois filed a lawsuit against Clearview AI on behalf of the Illinois Public Interest Research Group and other plaintiffs, alleging BIPA violations. The lawsuit stated that Clearview "secretly collected, used, and profited from the sensitive biometric identifiers of millions of individuals" in Illinois "without their knowledge, much less their informed written consent."
The case consolidated with other BIPA claims against Clearview filed by privacy advocacy organizations and individuals. In May 2022, the parties reached a settlement requiring Clearview to pay $50 million—structured as a stake in the company worth that amount, payable if Clearview reaches certain valuation milestones or undergoes a liquidity event—and permanently cease selling to private entities in Illinois.
Critically, the settlement permitted Clearview to continue selling to law enforcement agencies in Illinois, a carve-out that privacy advocates criticized as undermining the settlement's effectiveness. The ACLU noted that while the settlement represented some accountability, it left the core surveillance infrastructure intact and available to government agencies.
Additional BIPA litigation against Clearview was filed in federal court in the Northern District of Illinois. In 2024, a federal judge allowed most claims to proceed, rejecting Clearview's arguments that BIPA violated the First Amendment or that the company's data collection was exempt from the statute.
Clearview AI has consistently claimed high accuracy rates for its facial recognition technology, stating in marketing materials that the system achieves over 99% accuracy in optimal conditions. However, independent evaluation of the system's performance has been limited because Clearview has not submitted its technology to standardized testing by the National Institute of Standards and Technology (NIST), the federal agency that evaluates facial recognition algorithms.
Research on facial recognition technology more broadly has documented significant accuracy disparities across demographic groups. A 2019 NIST study examining over 100 commercial facial recognition algorithms found that error rates for identifying Asian and Black faces were 10 to 100 times higher than for white faces. For African American women, error rates were highest of all.
These disparities have profound implications for law enforcement use. If a facial recognition system is more likely to produce false matches for people of color, and if police departments use these systems to generate investigative leads, the technology will systematically direct suspicion toward innocent people of color at higher rates than toward innocent white people.
Civil liberties organizations have documented cases where facial recognition led to wrongful arrests. In 2020, Robert Williams, a Black man in Detroit, was arrested based on a facial recognition match that later proved erroneous. Similar cases have been documented in New Jersey and Louisiana. In each case, the misidentification resulted from facial recognition systems producing false positives—incorrectly matching a suspect image to a photograph of an innocent person.
Clearview has argued that its system is more accurate than other facial recognition technologies because its database is larger and includes multiple images of the same individuals from different angles and lighting conditions, allowing the algorithm to better account for variation. However, without independent testing, these claims remain unverified.
Clearview AI raised approximately $40 million in venture funding through 2022 from investors including Peter Thiel's Founders Fund. Thiel, a billionaire entrepreneur who co-founded PayPal and Palantir Technologies and was an early Facebook investor, has been a consistent proponent of surveillance technologies serving government and law enforcement interests.
Founders Fund participated in Clearview's early funding rounds in 2017-2018, viewing the company as aligned with Thiel's philosophy that privacy concerns are often overstated relative to security benefits. Thiel's other company, Palantir, has built data integration and analytics platforms used by intelligence agencies, law enforcement, and Immigration and Customs Enforcement, sometimes amid controversy over civil liberties implications.
Clearview's business model centers on subscription licensing. Law enforcement agencies and corporate clients pay monthly or annual fees for access to the system, with pricing tiers based on search volume. Internal documents obtained by journalists showed that in 2020, Clearview charged law enforcement agencies between $2,000 and $10,000 per year depending on the size of the agency and number of users.
The company has sought to expand beyond law enforcement into financial services, retail, and other sectors. The Illinois BIPA settlement's prohibition on sales to private entities in that state represented a setback to this expansion strategy, though the company continues to market to corporate clients in other jurisdictions.
By 2023, Clearview claimed to have clients in multiple countries and to have expanded its database to over 30 billion images. Company statements to investors suggested the database represented approximately 50% of the US population, though this figure assumes each person is represented by multiple images in the database.
The cease-and-desist letters sent by Facebook, Google, Twitter, and LinkedIn in February 2020 were legally significant not primarily for their demands—which Clearview largely ignored—but for what they revealed about the platforms' own policies and awareness of scraping.
Each platform stated that its Terms of Service explicitly prohibited the automated collection of user data for purposes like building facial recognition databases. Facebook noted it "prohibits the use of our services or tools to build facial recognition databases or products." YouTube's Terms stated that users may not "collect or harvest any information that might identify a person without their express consent."
These policies raise the question: if the platforms prohibited this conduct, why were they unable to prevent it technically? The answer lies in the fundamental architecture of the web. Scraping is possible because websites must serve content to browsers, and automated systems can mimic browser requests. Preventing scraping requires active countermeasures: rate limiting, bot detection, CAPTCHA challenges, and continuous monitoring for unusual access patterns.
The platforms' letters suggested they had, until media reports forced the issue, been largely unaware of Clearview's systematic scraping. This raises questions about the adequacy of the platforms' monitoring systems. If a startup could scrape billions of images without detection, what other surveillance systems might be operating without the platforms' knowledge?
The platforms' own relationships with facial recognition are also relevant. Facebook operated its own facial recognition system for photo tagging from 2010 until 2021, when it announced it would shut down the system and delete face-scan data amid "growing societal concerns." In 2020, Facebook paid $650 million to settle a class-action lawsuit alleging violations of Illinois' BIPA related to this photo tagging feature.
The cease-and-desist letters thus represented both genuine objections to Clearview's practices and a degree of hypocrisy, given the platforms' own extensive data collection and, in Facebook's case, facial recognition operations.
As of 2024, Clearview AI remains operational despite regulatory orders in multiple countries demanding data deletion and imposing tens of millions of dollars in fines. The company continues to market its services to law enforcement agencies in the United States and other jurisdictions where operations have not been explicitly prohibited.
Enforcement of the international regulatory orders has proven challenging. Clearview has no physical presence in countries like the UK, France, Italy, or Canada, making direct enforcement difficult. The fines remain largely unpaid. Whether the company has complied with data deletion orders is impossible to verify without access to Clearview's systems, and privacy regulators lack the technical means to confirm deletion.
In the United States, the lack of comprehensive federal biometric privacy legislation means Clearview faces a patchwork of state laws. The company has adapted by restricting sales to private entities in states with strong biometric privacy laws while continuing to serve law enforcement in those jurisdictions.
Several fundamental questions about Clearview remain unresolved. First, is there a First Amendment right to scrape publicly accessible data and build biometric databases? Courts have not definitively answered this question, and the issue implicates tensions between data protection, free expression, and investigative journalism rights.
Second, even if such scraping is constitutionally protected, does the Fourth Amendment restrict law enforcement use of these systems? Some scholars argue that using facial recognition to identify people engaged in constitutionally protected activities like protests or religious gatherings constitutes a Fourth Amendment search requiring a warrant. Courts have not yet addressed this argument in the context of tools like Clearview.
Third, what duty do platforms have to prevent scraping? If Facebook's Terms of Service prohibit scraping but the company lacks technical measures to prevent it, are the Terms merely aspirational? And if platforms could implement more aggressive anti-scraping measures but choose not to because such measures would degrade user experience, do they bear responsibility for surveillance systems built on their data?
Fourth, what are the long-term societal implications of a world in which any photograph ever posted online can be searched? Privacy advocates argue that such systems will chill free expression and association, as individuals become aware that attending a protest, visiting a medical clinic, or appearing in any photograph posted by another person will make them permanently identifiable and trackable. This represents a fundamental change in the relationship between individuals and public space.
Clearview AI built the world's largest facial recognition database by systematically scraping over 30 billion photographs from social media platforms without permission, consent, or legal authorization. The company sold access to thousands of law enforcement agencies and private corporations, enabling mass surveillance on a scale previously impossible.
Regulatory authorities in Canada, the United Kingdom, France, Italy, and Australia found that Clearview violated privacy laws and ordered the company to delete data and cease operations. Illinois courts found BIPA violations and imposed a $50 million settlement. Yet the company continues to operate, the database continues to grow, and law enforcement agencies continue to use the technology.
The Clearview case illustrates the limitations of privacy law in addressing surveillance technologies that operate at internet scale. Cease-and-desist letters and regulatory fines are meaningful only if they can be enforced, and enforcement against a company with no physical presence in the regulating jurisdiction and assets shielded from collection is difficult if not impossible.
The case also illustrates a deeper philosophical divide about privacy in the digital age. Clearview's founder argued that privacy expectations are outdated and that publicly posted information is fair game for any use. Privacy advocates and regulators in multiple countries rejected this position, asserting that context matters and that individuals retain privacy interests even in publicly accessible data.
What remains unresolved is whether legal and technical systems can adapt quickly enough to constrain surveillance technologies that develop faster than the law can respond. Clearview AI built its database before most regulators were aware the company existed. By the time regulatory action came, the surveillance infrastructure was operational and its dismantlement—if technically possible at all—faced enormous practical obstacles.
The architecture of mass surveillance, once built, is difficult to dismantle. That may be the most significant legacy of Clearview AI: not simply that the company violated privacy laws, but that it demonstrated how easily mass surveillance infrastructure can be constructed using publicly accessible data, and how difficult such infrastructure is to eliminate once it exists.