The Dutch Data Protection Authority (Dutch DPA) imposed a fine in the amount of €30.5 million on ClearView AI, and also obligated to stop violations, otherwise the company faces an additional fine of up to €5.1 million.
ClearView AI is engaged in the provision of services to recognize persons using an illegally collected database, including pictures of the Netherlands residents. ClearView provides its services to law enforcement agencies, allowing them to identify people. The company has collected a database with more than 30 billion photos, extracting them from the Internet without people’s knowledge or consent. Each person in the database is transformed into a unique biometric code. Dutch DPA warns that the use of CLEARVIEW services is also prohibited.
In Dutch DPA It was noted that the technology of facial recognition is extremely invasive and cannot be applied to everyone. People whose photographs are on the Internet can end up in the ClearView database and be monitored, which is a serious violation of human rights. Despite the company’s statements that its services are provided outside the European Union, this does not mitigate the problem. According to Dutch DPA, the use of such technologies requires strict regulation, and commercial companies should not abuse them.
ClearView grossly violated the GDPR regulations by illegally creating a database with photographs and biometric codes, which is a serious breach of privacy rights. Unique person codes, like fingerprints, require special regulation and should not be collected without permission.
The lack of transparency in ClearView’s operations is also highlighted. Individuals whose data are in the ClearView database were inadequately informed about the use of their photographs and biometric data. Additionally, people have the right to access their data, but the company does not provide this opportunity.
Despite the requirements to cease violations, ClearView failed to take necessary actions after the investigation, leading to additional sanctions by Dutch DPA. If the company does not halt its illegal activities, it will face further fines.
ClearView is an American company with no offices in Europe. Other European regulators have already fined the company for similar breaches, yet ClearView continues to disregard legal requirements. As a result, Dutch DPA is considering holding the company’s leaders personally accountable for the violations.