Press Release: Clearview AI Fined €30.5 Million by Dutch Data Protection Authority for Illegal Facial Recognition Database
Amsterdam, 3 September 2024 – The Dutch Data Protection Authority (Dutch DPA) has imposed a fine of €30.5 million on Clearview AI for constructing an illegal facial recognition database that includes the photos of billions of individuals, including Dutch citizens, without their knowledge or consent.
Clearview AI, an American commercial enterprise, provides facial recognition services primarily to intelligence and investigative services. The company’s database comprises over 30 billion photos harvested from the internet without the consent of the individuals depicted. These photos are then transformed into unique biometric codes for each face.
According to the Dutch DPA, Clearview AI’s actions represent a flagrant violation of the General Data Protection Regulation (GDPR), which is designed to protect the privacy and personal data of EU citizens. The Dutch DPA has also issued a warning that utilizing Clearview AI’s services is illegal under GDPR guidelines.
Key Points of the Dutch DPA’s Decision:
-
Serious Privacy Violation: The Dutch DPA has determined that the scraping of personal photos and the creation of biometric codes without consent is a severe breach of privacy rights.
-
Facial Recognition Intrusiveness: Dutch DPA chairman Aleid Wolfsen emphasized the intrusiveness of facial recognition technology, stating that it cannot be deployed without restrictions. Facial recognition is a highly intrusive technology, that you cannot simply unleash on anyone in the world, he said.
-
Exceptional Use by Authorities: Wolfsen acknowledged the potential benefits of facial recognition for public safety and crime detection but stressed that such technology should be used only by competent authorities and under strict conditions.
-
Failure to Inform and Non-Compliance: Clearview AI failed to inform individuals that their photos and biometric data were being used and has not cooperated with requests for data access, as required by GDPR.
-
Penalties for Non-Compliance: The Dutch DPA has ordered Clearview AI to cease its illegal activities and has threatened additional penalties of up to 5.1 million euros if the company does not comply.
-
Previous Fines and Potential Liability: Other data protection authorities have previously fined Clearview AI for similar violations. The Dutch DPA is now considering whether to hold the company’s management personally liable for directing these violations.
This latest fine underscores the Dutch DPA’s commitment to enforcing GDPR and protecting the privacy rights of individuals. It serves as a stark reminder to companies worldwide that they must respect and adhere to privacy regulations, especially when dealing with sensitive personal data such as biometric information.
Contact Information:
For further inquiries, please contact the Dutch Data Protection Authority:
Email: [email protected]
Phone: +31 (0)70 888 8500
End of Press Release
Views: 0