Privacy and data protection regulations for AI using publicly available data: Clearview AI case

Data are pivotal resources in artificial intelligence (AI) research and development. Acquiring enormous quantities of high-quality data is essential for improving AI performance. However, obtaining such data poses significant challenges, including high costs and accessibility barriers. A critical question arises: does using publicly available data from the Internet lead to violations of privacy and/or data protection laws? This paper examines privacy rights and data protection laws concerning the use of publicly accessible online data in AI research across the United States, Canada, Europe, and Australia. Focusing on recent controversies, particularly the Clearview AI case, it compares the legal and regulatory frameworks in these jurisdictions. The analysis highlights how digital governance in privacy and data protection must evolve in response to the growing demand for publicly available data in AI development. The central finding of this paper is that significant privacy and data protection risks and debates arise when publicly available data are used without adequate consent or legitimate purposes. The enforcement of these legal principles varies across countries, with substantial dependency on specific circumstances. The Clearview AI case, in particular, has exposed several ironies and unresolved issues surrounding data protection, privacy rights, and enforcement practices. These include disputes over the extraterritorial application of laws, inconsistent and impracticable legal enforcement, and settlements reached without judicial rulings. To foster a fair and trustworthy environment for AI development, compliance with privacy and data protection laws is critical. Achieving this requires more consistent, practical, and cooperative legal frameworks across nations to ensure safe and practical protection of personal data.