Facial Recognition AI PimEyes Scrapes Images of Deceased from Ancestry.com, Violating Privacy Rights

PimEyes uses AI facial recognition technology to index and identify individuals by their facial features. The unauthorized scraping of images from Ancestry.com constitutes a misuse of data and breaches Ancestry's terms, which can be considered a violation of privacy and data rights. Although the AI system's use led to a breach of data use policies, the article does not report direct harm such as injury, operational disruption, or confirmed legal violations beyond the scraping itself. PimEyes' acknowledgment and corrective actions suggest the event is primarily about the potential for harm and the response to it rather than a confirmed incident causing harm. Therefore, this event is best classified as Complementary Information, as it provides context on AI misuse and the response to it without confirmed realized harm.

The AI system (PimEyes) is explicitly mentioned as using facial recognition technology to create biometric faceprints from scraped images, including those of deceased individuals. The unauthorized scraping and indexing of these images directly leads to privacy violations and ethical harms, as living relatives can be identified without consent, and deceased individuals cannot revoke consent. This constitutes a violation of rights under applicable law protecting privacy and data protection, fulfilling the criteria for an AI Incident. The event describes realized harm rather than potential harm, so it is not an AI Hazard. It is not merely complementary information or unrelated news, as the core issue is the misuse of an AI system causing harm.

The event explicitly involves an AI system (facial recognition algorithm) that was trained on unauthorized data (photos of deceased people) obtained by scraping, which breaches legal and ethical norms regarding consent and privacy. The harm includes violation of privacy rights of deceased individuals who cannot consent, and indirect harm to living relatives who may be exposed to stalking or doxing. The AI system's use of stolen data and failure to fully protect privacy constitutes an AI Incident under the framework, as it has directly led to violations of rights and harm to communities.

PimEyes is an AI system using facial recognition technology to index and search faces. The unauthorized scraping of images from Ancestry, including those of deceased individuals, directly violates privacy rights and data protection laws, constituting a breach of fundamental rights. The event describes actual misuse of AI technology leading to harm (privacy violations), not merely a potential risk. The company's prior history of misuse and the current incident's impact on privacy reinforce the classification as an AI Incident rather than a hazard or complementary information.

The event describes the use of an AI facial recognition system that has directly led to privacy and ethical harms by scraping and indexing images without consent, including those of deceased individuals. This constitutes a violation of data protection and privacy rights, which falls under violations of human rights or breach of obligations under applicable law. The harm is realized as the images are being used to identify living relatives without consent, causing distress and privacy violations. Therefore, this qualifies as an AI Incident due to the direct involvement of an AI system causing harm through its use and misuse.

PimEyes is an AI-powered facial recognition search engine that uses AI to identify and index images. The unauthorized scraping and indexing of images, including those of deceased individuals, from Ancestry.com without consent constitutes a breach of privacy and intellectual property rights. This misuse of the AI system has directly led to harm in terms of privacy violations and potential risks to individuals' personal information, fitting the definition of an AI Incident under violations of rights and harm to communities.