Ads
Clearview AI, the infamous U.S. face recognition company that violated GDPR laws by scraping the internet for unauthorized selfies to create a database of 30 billion images, recently faced its largest GDPR penalties to date. The Dutch data protection authority, Autoriteit Persoonsgegevens (AP), fined Clearview AI €30.5 million, or $33.7 million, for various violations of GDPR regulations. This penalty exceeds previous fines imposed by France, Italy, Greece, and the U.K.
The AP’s investigation into Clearview AI began in March 2023 after complaints from three individuals regarding the company’s data access violations. Under the GDPR, EU citizens have the right to access or erase their personal data, which Clearview AI failed to comply with. The company also illegally collected biometric data to create its database, leading to additional fines from the AP. The regulator also cited Clearview AI for transparency issues related to GDPR compliance.
According to the AP, Clearview should never have created a database containing photos, unique biometric codes, and other personal information, particularly face-derived biometric data. The company failed to notify individuals whose data was collected and stored in its database, violating GDPR regulations.
Clearview AI’s chief legal officer, Jack Mulcaire, denied the allegations and claimed that the company is not subject to GDPR regulations because it does not have a presence in the EU. However, the Dutch regulator maintains that Clearview AI is still subject to GDPR rules since it processes personal data of EU citizens.
The AP warned that Dutch organizations using Clearview AI’s services may face heavy penalties for violating GDPR regulations. The agency is also exploring measures to hold corporate executives personally accountable for GDPR violations. If directors are found to be aware of GDPR violations and fail to take action to prevent them, they may be held liable and penalized.
The ongoing investigation into Clearview AI’s compliance with GDPR regulations raises questions about the enforcement of privacy laws on a global scale. Despite facing significant fines, the company continues to operate with apparent impunity due to its location outside of the EU. The Dutch AP is concerned about the company’s disregard for GDPR regulations and is exploring ways to ensure compliance, including holding executives accountable for violations.
The potential for personal liability for corporate executives in cases of GDPR violations could have far-reaching implications for companies operating in the EU. Clearview AI’s case serves as a reminder of the importance of data protection regulations and the need for companies to comply with laws governing the processing of personal data.
As the investigation into Clearview AI continues, the Dutch AP is determined to hold the company accountable for its violations of GDPR regulations. By considering measures to ensure compliance and exploring options for personal liability for corporate executives, the agency aims to send a strong message about the importance of protecting EU citizens’ personal data.
