Imagine walking down the street, and someone takes a picture of your face. After a few seconds, they will know who you are, who your friends are, and even trace some moments from your past—how happy you are, smiling, posted on a social platform and when travelling a few years ago. It is not a science fiction movie; it is what a company called Clearview AI is doing. In September 2025, U.S. Immigration and Customs Enforcement (ICE) and its Homeland Security Investigations (HSI) reached a $9.2 million deal with the New York-based company, with an advance payment of $3.75 million for the technology they bought (Kimery, 2025). Your face may already be in their database, and you have never agreed to it. When commercial companies and law enforcement agencies unknowingly share your facial information, the freedom of citizens in the digital age is facing unprecedented erosion. Privacy is the foundation of digital rights. Privacy is not a secret; it is about the right to reject. Without privacy, there is no way to talk about digital rights at all.
Figure: Women look at security cameras (Henry, 2016)
No Consent and No Awareness
Digital rights sound grand, but when implemented at a specific level, they can be broken down into several of them, such as the right to consent, the right to be informed, the right of access and the right to erasure. These should be users’ rights, but Clearview AI has not implemented all of them.
The right to consent is the right to have the final say after knowing it. In other words, you should have the opportunity to say “yes” or “no” before your data is used. In Clearview AI’s operational process, there is no step to obtain consent. It does not ask you to check a box to agree, nor does it pop up to ask whether you can collect your photos; it just collects your information.
Clearview AI captures images from the entire Internet, involving tens of billions of individuals. The California Privacy Protection Agency posted a consumer alert video to warn people. Even if it wants to get consent, it cannot technically do so because it does not know whose face it is grabbing at all, let alone have a mechanism to contact these people.
Under the GDPR, consent is a prerequisite for data processing, that is, prior authorization rather than an independent right. The right to be informed requires data processors to inform individual users in a clear and easy-to-understand way that they are collecting data, where it is collected, what they use it for, to whom the data should be given, and the purpose.
However, Clearview AI has not informed them at all. If Clearview AI tells you honestly that we will use your face photos to add them to our database and sell them to law enforcement agencies, you are likely to disagree. But in reality, you are never told this. You do not even know, and you do not even have a chance to refuse. It is the essence of denying the right to be informed.
As Suzor (2019) said, for most mainstream platforms, the content review process is opaque and hidden, meaning users have no right to be informed.
Access and Erasure Without Control
You cannot log in to see what photos of you exist in the system, because it does not provide any public query mechanism and does not even have the right to look. Clearview AI provides a so-called data query process, meaning users need to submit a photo of themselves to determine whether it is in the database. It is absurd to take the initiative to submit more data to confirm that your data has been violated.
The right of access is the trigger of the right to erasure. In other words, access is what allows you to take further action. If you do not know where your data is and who holds it, you are not even qualified to apply for deletion. You have no idea whether your photos are in its database. Without that knowledge, you cannot apply for deletion, so the right to erasure has become an inapplicable right from the beginning.
Suzor (2019) found that people were usually discouraged from appealing the decision to delete the content. Still, when they found it too confusing to determine which procedures to follow, only half said they would appeal the decision. Meanwhile, it is not certain whether it has really been deleted, and as long as the photo is sent again, the crawler program may crawl it again at any time. Deletion is only a one-time relief measure, while the digital environment is dynamic and continuously collected.
Users should have enjoyed these powers, but they have become extravagant, which is information asymmetry. These rights are fundamental to personal dignity and freedom in the digital age. Each of these rights depends on the same premise—privacy: you actually know that your data has been taken away.
No Right to Refuse
It is not enough to point out that Clearview AI violates these rights. The deeper problem is that privacy is the premise of all these digital rights, and operating model Clearview AI damages the privacy of users at its core. The most fundamental problem is that it deprives your ability to say “no”. Users have never been informed, never been consulted, and never been given the option of rejection. It is not just a short-term data exposure, but a long-term system that will also automate monitoring. It can collect your facial features and search for them without you noticing.
Privacy and secrecy are different. Privacy is not about keeping things hidden. It is about who gets to decide. Users’ public sharing of photos on social media does not mean giving up privacy. The core defense of Clearview AI is that these are all public information on the Internet, which is essentially a false simplification. It openly overlooks the new privacy risks posed by face recognition technology. The absurdity of Clearview AI is that it tries to skip the privacy basis and directly discuss whether public data can be used for AI. But the core of the problem is never whether the data is public, but who has the right to decide how the data is used.
Unfortunately, the judges and regulators around the world hardly buy it, because disclosure does not mean that it can be taken away at will for face recognition, which confuses the concept. Legal Technology (2026) reports that the British High Court’s ruling means that publicly available data cannot be used for AI training or monitoring at will. When you post a photo on social media, you expect it to share your life, not to let a commercial company take it and use it in a system that can control your every move.
Flew (2018) noted that the digital platform’s core business model is to exchange users’ personal data for so-called free services, which, in itself, creates a fundamental power imbalance. Users think that they are using the service for free, but in fact, they are paying for privacy. Clearview AI is even more excessive, because it directly took your face without providing any service. The program of Clearview AI crawls across Facebook, YouTube, Twitter and other public Internet platforms like a spider. Every time a human face is found, it will be saved. In addition to the database, there is also a face recognition search engine. After taking one photo, you can transfer other photos, which means that anyone, even if not the regulator, can easily identify your many photos.
When privacy Disappears, Digital Rights Collapse
When privacy is taken away, digital rights begin to collapse because users lose control over their personal data. Karppinen (2017) argues that digital rights are not a set of fixed requirements but a process of continuous consultation and debate on ethical frameworks and principles, meaning that these rights only make sense when they can be exercised in practice.
The first right to collapse is the right to be informed. Its premise is that you know that your personal data is being collected. When Clearview AI collects data without the users’ knowledge, there is no chance to ask questions, because you do not know who to ask or what to ask.
The right of access is the bridge between the right to be informed and the right to erasure. To exercise the right of access, you must know who to claim to, and there is no way to consult.
The right to erasure will also become the power that cannot be exercised, because you cannot apply to delete something that you do not know exists. The right to erasure should be a relief after the fact, and it cannot be remedied when the premise of privacy does not exist.
Clearview AI Exposes the Deep Limitations of Digital Rights Discourse
To understand why Clearview AI is difficult to deal with the existing digital rights framework, it is necessary to distinguish between two concepts: negative rights and positive rights.
Simply put, negative rights protect you from the interference of others. In the digital environment, the negative rights prevent the government from shutting down your network or censoring your posts. Positive rights, which create the conditions for you to exercise your rights. Karppinen (2017) pointed out that a negative rights perspective has long dominated the early debate on Internet rights, with the focus on the government not interfering in cyberspace and the core demand to protect individuals from arbitrary interference by state power.
However, the operating model of Clearview AI precisely reveals the blind spot of this framework: the most serious privacy threat today does not come mainly from government censorship, but from large technology companies that hold power. It also explains why traditional right-based methods cannot keep up with the movement of data-driven technology. Clearview AI is not the government, and negative rights cannot be handled because there is no government intervention, but privacy has been systematically deprived.
From the perspective of positive rights, the realization of digital rights depends not only on the government’s non-intervention but also on policymakers’ initiative to promote equality and to impose restrictions on monitoring and censorship (Karppinen, 2017). Taking Clearview AI as an example, the problem is not as simple as infringing on users’ rights and interests. What is really fatal is that, in the face of this kind of blatantly depriving privacy business operation, the whole response mechanism has not kept up at all.
Privacy Loss Is Not a Personal Problem—It Is a Shared Responsibility
- Company
The core problem is the company’s model based on unauthorized data. When users do not know it, privacy erosion is no longer a risk, but a design feature.
- Regulatory authorities
In recent years, the regulatory authorities of various countries have finally begun to take action. Although the strength is uneven, Britain imposed a fine of 7.5 million pounds on Clearview AI and forced it to delete British user data in 2022 (ICO, 2025). The meaning is clear: technology companies should not want to be wild, and regulatory authorities should not pretend to be fine. As long as you use personal data, you are responsible. Privacy is no longer just talk.
- Platforms
Interestingly, many platforms use your information by default from the beginning. Like Facebook, it encourages you to post and share photos, but it does not care about that when it prevents data misuse.
- Users
There is not much left except a few passive measures. Although it is almost impossible to completely avoid data collection, at least some protective measures can be taken. Using different information across different platforms, carefully authorizing access to third-party applications, checking your privacy settings to make sure nothing is messed with, and reporting the really shady stuff to regulatory authorities. However, these measures can only reduce the risk, but cannot fundamentally solve the problem.
Clearview AI is not an exception; it is a warning. Think about it: if any company can take your face casually and you do not even have to refuse, then privacy is no longer a right but just empty talk. Actually, your face no longer belongs to you, that is why we should fight for our privacy.
Reference List
California Privacy Protection Agency. (2023, December 11). Consumer Alert: Clearview AI [Video]. YouTube. https://youtu.be/etH6N5TnkHw?si=JcXOVnXo1kyO2sYW
Flew, T. (2018). Platforms on trial. Intermedia, 46(2), 24–29. https://eprints.qut.edu.au/120461/
Henry, M. (2016). Women look at security cameras [Photograph]. Unsplash. https://unsplash.com/photos/two-women-facing-security-camera-above-mounted-on-structure-fPxOowbR6ls
Information Commissioner’s Office. (2025, October 8). UK Upper Tribunal hands down judgment on Clearview AI Inc. https://ico.org.uk/about-the-ico/media-centre/news-and-blogs/2025/10/uk-upper-tribunal-hands-down-judgment-on-clearview-ai-inc/
Kimery, A. (2025). ICE awards Clearview AI $9.2M facial recognition contract. Biometric Update. https://www.biometricupdate.com/202509/ice-awards-clearview-ai-9-2m-facial-recognition-contract
Karppinen, K. (2017). Human rights and the digital. In H. Tumber & S. Waisbord (Eds), The Routledge Companion to Media and Human Rights (pp. 95–103). Routledge. https://doi.org/10.4324/9781315619835
Legal Technology. (2026). The Clearview AI ruling and its impact on global data controllers (UK). AI Law – International Review of Artificial Intelligence Law. https://www.reviewofailaw.com/Tool/Evidenza/Single/view_html?id_evidenza=5101
Suzor, N. P. (2019). Who makes the rules? In Lawless: The secret rules that govern our digital lives (pp. 10–24). Cambridge University Press. https://doi.org/10.1017/9781108666428
Be the first to comment