Apple and Google Fined R$19M Over FaceApp Privacy Breach

The information displayed in the AIM should not be reported as representing the official views of the OECD or of its member countries.

A Brazilian court orders Apple and Google to pay R$19 million after FaceApp, an AI-powered photo-editing app, collected sensitive user data without clear consent and violated data protection and consumer laws. Judge Douglas de Melo Martins banned the app on their platforms until full compliance with Brazilian privacy regulations.[AI generated]

Why's our monitor labelling this an incident or hazard?

FaceApp is an AI system that processes user images to generate altered photos using AI techniques. The legal condemnation relates to the app's storage of user data without proper consent, constituting a violation of privacy rights under applicable law. Apple and Google, as distributors of the app, are implicated. Since the harm (violation of rights) has already occurred and is directly linked to the AI system's use and data practices, this event meets the criteria for an AI Incident under violations of human rights or breach of legal obligations protecting fundamental rights.[AI generated]

AI principles

Privacy & data governanceTransparency & explainabilityRespect of human rightsAccountability

Industries

Consumer servicesDigital securityMedia, social platforms, and marketingIT infrastructure and hosting

Affected stakeholders

Consumers

Harm types

Human or fundamental rightsReputationalEconomic/Property

Severity

AI incident

AI system task:

Recognition/object detectionContent generation

Articles about this incident or hazard

Apple e Google são condenados no Brasil por causa do FaceApp; entenda

2025-01-09

Olhar Digital - O futuro passa primeiro aqui

Why's our monitor labelling this an incident or hazard?

Justiça suspende FaceApp e multa bigtechs em R$ 19 milhões

2025-01-09

Agência Brasil

Why's our monitor labelling this an incident or hazard?

FaceApp is an AI-powered application that processes user images using AI techniques. The legal ruling highlights that the app collected sensitive data without clear consent and shared it improperly, violating data protection laws and consumer rights. The involvement of AI in the app's operation and the resulting legal harm to users' rights meet the criteria for an AI Incident. The harm is realized (not just potential), and the AI system's use directly led to the violation of rights and legal consequences. Hence, the event is classified as an AI Incident.

Apple e Google pagarão R$ 19 mi após aplicativo violar dados pessoais - Migalhas

2025-01-07

Migalhas

Why's our monitor labelling this an incident or hazard?

The event involves an AI-related application (FaceApp) that processes personal data, which is an AI system by definition as it infers from input data to generate outputs affecting users. The violation of data protection laws and improper handling of sensitive data constitutes a breach of fundamental rights (privacy and data protection). Since the harm (violation of rights and consumer protection laws) has already occurred and legal consequences are being applied, this qualifies as an AI Incident under the framework, specifically under violations of human rights or breach of applicable law protecting fundamental rights.

Apple e Google são condenados a pagar R$ 19 mi por violar dados pessoais - Jornal Pequeno

2025-01-09

Jornal Pequeno

Why's our monitor labelling this an incident or hazard?

FaceApp is an AI system that processes user images using AI techniques. The incident involves the use of this AI system leading to violations of data protection laws and consumer rights, which are legal rights protecting personal data and privacy. The ruling and the described harms (unauthorized data collection and sharing, lack of clear consent) constitute violations of rights under applicable law, fitting the definition of an AI Incident. The AI system's use directly led to these harms, and the legal condemnation confirms the harm has materialized.