This repository contains the work done by Sergio Vittorio Zambelli, Giorgio D'Ambrosio e Fabio Chiarini as part of our cybersecurity master's program at the University of Pisa. For our first project, we chose to explore a case study regarding Clearview AI and its potential violations of the General Data Protection Regulation (GDPR) in Europe. We analyzed this case, summarized the relevant documentation, and explained key aspects of the GDPR, as well as emerging regulations related to AI. Our findings were presented in front of the class as part of our exam.
We based our analysis on the documentation provided by the Italian Data Protection Authority (Garante Privacy). The case focuses on Clearview AI, a facial recognition software company that has been under scrutiny for its data processing practices, specifically its use of web scraping to collect images and personal data without consent.
- GDPR Violations: We explored several GDPR violations related to Clearview's operations, including issues around data collection, transparency, data rights, and biometric data processing.
- The AI Act and Future Directions: We also examined the AI Act, which could play a crucial role in regulating AI systems like Clearview. We discussed how AI regulations are evolving in the EU and how these developments might affect companies operating in the region.
- GDPR Articles: We examined multiple articles of the GDPR that apply to the case, focusing on data subject rights, transparency, data retention, biometric data, and data controllers.
- Facial Recognition and Mass Surveillance: We discussed the impact of AI-powered facial recognition systems and the ethical and privacy concerns surrounding mass surveillance practices.
- The AI Act: We explored recent EU efforts to regulate AI technologies, particularly concerning facial recognition systems and scraping practices.
This case study highlights the intersection of cybersecurity, privacy laws, and artificial intelligence. It showcases how regulatory frameworks like the GDPR are adapting to the challenges posed by AI technologies, ensuring that privacy rights are upheld in an increasingly connected world.
As students of cybersecurity, we are aware of the powerful impact these technologies can have on society, and we believe that strong legal frameworks are necessary to balance innovation with privacy protection. This project was a valuable learning experience for all of us, and we are excited to share it with the community.
- Sergio Vittorio Zambelli
- Giorgio D'Ambrosio
- Fabio Chiarini
We are proud to have worked together on this project and grateful for the opportunity to explore the complex intersection of law and technology. We received excellent feedback from our teacher and classmates, and we hope this work can be useful to others studying similar topics.