Dutch DPA Issues Hefty Fine to Clearview AI for GDPR Violations
Clearview AI, a facial recognition company, has been hit with a significant fine of €30.5 million (about $33.7 million) by the Dutch Data Protection Authority (Dutch DPA). The company is accused of violating the EU’s General Data Protection Regulation (GDPR) by creating a massive database of facial images without obtaining consent from individuals.
The Dutch DPA found Clearview AI in breach of several GDPR principles, including the unlawful processing of personal data and a lack of transparency regarding the use of biometric data. The company’s practice of assigning unique biometric codes to individuals, without their knowledge or consent, was a key factor in the decision. Clearview AI’s failure to inform people about how their data is used and to provide ways to access or delete their data further contributed to the fine.
Continued Violations and Global Scrutiny
Despite the ongoing investigation, Clearview AI has not stopped its controversial practices. This continued non-compliance could lead to additional fines of up to €5.1 million ($5.6 million). The severity of the situation prompted the Dutch DPA to ban Dutch companies from using Clearview AI’s services.
This is not the first time Clearview AI has faced regulatory action. Authorities in the UK, France, and Italy have also imposed penalties for similar privacy breaches. Clearview AI maintains that it does not fall under EU data protection laws because it lacks a physical presence in the EU. However, the Dutch DPA rejected this argument. The regulatory body is even considering holding Clearview AI’s management personally responsible for the GDPR violations if they knew about the breaches and did nothing to stop them.
