Clearview AI Faces Record €30.5 Million Fine for Privacy Breach
The Dutch Data Protection Authority (Dutch DPA) has imposed a fine of €30.5 million on Clearview AI and has ordered the company to cease its violations, warning that failure to comply could result in an additional penalty of up to €5.1 million.
Clearview AI provides facial recognition services, utilizing an unlawfully collected database that includes images of Dutch residents. The company offers its services to law enforcement agencies, enabling the upload of video footage to identify individuals. To achieve this, Clearview AI amassed a database of over 30 billion photographs, automatically scraped from the internet without the knowledge or consent of the individuals involved. Each face in the database has been converted into a unique biometric code. The Dutch DPA has also emphasized that the use of Clearview’s services is prohibited.
The Dutch DPA remarked that facial recognition technology is exceedingly intrusive and cannot be indiscriminately applied. Individuals whose images are available online may find themselves included in Clearview AI’s database, subjecting them to surveillance, which constitutes a grave violation of human rights. Despite the company’s claims that its services are only offered outside the European Union, this does not mitigate the issue. The Dutch DPA believes that the use of such technologies demands strict regulation, and commercial enterprises must not exploit them.
Clearview AI has egregiously violated the provisions of the GDPR. Specifically, the company unlawfully created a database containing photographs and biometric codes, a serious breach of privacy rights. Like fingerprints, unique facial codes require stringent regulation and cannot be collected without consent.
Furthermore, the company’s operations have been criticized for lacking transparency. Individuals whose data is stored in Clearview AI’s database were not adequately informed about the use of their photographs and biometric information. Additionally, while individuals have the right to access their data, the company has not provided such an opportunity.
Despite demands to halt its violations, Clearview AI has failed to take the necessary measures following the conclusion of the investigation, prompting the Dutch DPA to impose additional sanctions. If the company does not cease its unlawful activities, it will face further financial penalties.
Clearview AI, an American company with no offices in Europe, has been fined by other European regulators for similar offenses, yet continues to disregard legal requirements. As a result, the Dutch DPA is considering holding the company’s executives personally accountable for the violations, with the possibility of imposing individual penalties.
