Big Brother Watch files legal complaint against facial recognition “search engine”, PimEyes

Big Brother Watch Team / November 8, 2022

  • Big Brother Watch claims the online facial recognition website is “unlawful” and enables surveillance and stalking “on a scale previously unimaginable”
  • Legal complaint urges Information Commissioner to investigate and “stop unlawful processing”
  • PimEyes searches images of billions of people, including children, and can be used to “surveil, harass and stalk”

Privacy rights group Big Brother Watch has filed a legal complaint with the UK’s Information Commissioner against the online facial recognition “search engine” PimEyes. The complaint, sent via data law firm AWO, indicates that PimEyes is unlawfully processing the biometric data of millions of UK citizens.

PimEyes allows anyone to upload an image of a person to their website, which is then processed using facial recognition technology to find potential matches from an index of billions of photos from the internet. PimEyes places no limits on the type of images that may be used for search and has no safeguards to prevent people using the service to extract a library of photos of someone other than themselves. Instead, it asks customers to use the technology ethically.

PimEyes allows users to find images of anyone from across the internet. This could include photos from media articles, personal blogs, dating websites, employment profiles, and other publicly available websites. The returned facial images are provided alongside the URLs where they are hosted, allowing the user access to highly revealing contextual information about the searched individual. This could include the searched individual’s name, details about their place of work, or indications of the area in which they live.

Functioning as an index of images on the internet, PimEyes is likely to process many millions of facial images of UK citizens, which are regularly searched without the knowledge or consent of individuals in the images.

The company offers subscriptions that allow people to perform dozens of searches a day. Those using the premium service can set alerts for up to 500 different images, so that they receive a notification when a particular face shows up on a new website. There is no limit on the age of individuals in the photos searched, meaning children can also be tracked across the web. Although PimEyes states that its service is “not intended for the surveillance of others”, there are no safeguards that prevent this and it has been described by critics as “stalkerware by design”.

The privacy NGO’s legal complaint claims that the facial recognition product is “deeply privacy-intrusive” and warns that the service could be used to stalk and harass individuals.

Worryingly, PimEyes could be used to discover the identity of an unknown individual seen in revenge porn or child sexual abuse material. The Intercept found that search results for children included images that PimEyes labels as “potentially explicit.”

PimEyes has a similar business model to Clearview AI, a controversial facial recognition company with a database of over 20 billion facial images. The company was fined £7.5 million by the Information Commissioner’s Office earlier this year for violating data protection law by unlawfully processing the biometric data of UK citizens. Big Brother Watch’s legal complaint claims that PimEyes is similarly violating data protection law.

However, unlike Clearview AI, PimEyes is not only aimed at law enforcement and can be used by anyone on the internet.

Big Brother Watch has raised concerns that private sector facial recognition tools are being used in increasingly harmful ways. Earlier this year, prompted by another legal complaint from Big Brother Watch, the Information Commissioner’s Office announced it was investigating the Southern Co-op’s use of live facial recognition surveillance in its supermarkets.


Madeleine Stone, Legal and Policy Officer at Big Brother Watch said:

“PimEyes enables privacy intrusion and stalking on a scale previously unimaginable. This facial recognition search engine lawlessly scans billions of our photos without our knowledge or permission.

“Images of anyone, including children, can be scoured and tracked across the internet. This extraordinary power is available to anyone at the click of a button and could be secretly used by potential employers, university admissions officers, domestic abusers or stalkers.

“The use of facial recognition to identify people among potentially billions of photos threatens to end anonymity as we know it. The Information Commissioner must act to safeguard the British public from these dangerous facial recognition tools.”

Alex Lawrence-Archer, Solicitor at data rights agency AWO said:

“PimEyes’s tool makes invasive facial recognition technology available to anyone with an internet connection. The company’s claims that people only use the tool to search for their own face don’t bear scrutiny: PimEyes carry out no checks. They allow anyone to search against anyone else’s face, finding photographs of them from across the internet.

“The tool creates significant risks, potentially allowing people to identify the name and address of complete strangers with just one facial image.

“It’s a serious breach of UK citizen’s privacy rights, and we hope that the Information Commissioner’s office takes swift action to put a stop to it.”