Clearview has to pay €30.5M fine for illegal data collection
The Dutch data protection authority (DPA) has imposed a fine of € 30.5 million for illegally building a photo database for facial recognition services and not being transparent about the use of photos and biometric data.
Clearview AI is an American tech company that offers facial recognition services to hundreds of law enforcement agencies worldwide. Customers can upload a picture and Clearview’s software can identify the people in it. With more than 30 billion photos, Clearview has the largest database of facial profiles in the world.
Clearview collected all of these photos by using scraping software. The software simply visits public sources on the internet, such as social media platforms and personal blogs, and amasses pictures and associated information. The faces on these photos are turned into a unique biometric code and a patented facial recognition program then builds a database that can be used for facial recognition.
All of this is done without people knowing and without their consent.
That’s a clear violation of the General Data Protection Regulation (GDPR) on several points, the Autoriteit Persoonsgegevens argues. Clearview should never have built its photo database with unique biometric codes and other information linked to people. Like fingerprints, these are biometric data, and collecting and using them is prohibited.
In addition, Clearview doesn’t inform the people that are in the database that the company uses their photos and biometric data. If someone submits an information request or demands his profile to be deleted, Clearview doesn’t cooperate.
For these GDPR violations the Dutch DPA imposes a fine of € 30.5 million on Clearview. If Clearview doesn’t stop the violations, the company will have to pay non-compliance penalties up to € 5.1 million on top of the fine.
“Facial recognition is a highly intrusive technology that you cannot simply unleash on anyone in the world. If there is a photo of you on the Internet – and doesn't that apply to all of us? – then you can end up in the database of Clearview and be tracked. This is not a doom scenario from a scary film. Nor is it something that could only be done in China,” Dutch DPA chairman Aleid Wolfsen says.
The Dutch DPA is now going to investigate if management can be held personally liable and fine them for directing the GDPR violations.
Clearview has not objected to the DPA’s decision and is therefore unable to appeal against the fine.
This isn’t the first multi-million euro fine Clearview has received. DPA’s from France, Greece, Italy and the United Kingdom have imposed fines up to € 20 million in the past. Regulators from Australia, Belgium, Canada, Germany and Sweden have ordered Clearview to stop collecting and using photos from its citizens and to delete their photos.
Your email address will not be published. Required fields are marked