Dutch privacy watchdog fines Clearview AI $34 million for ‘illegal’ database of faces

Summary: The Dutch Data Protection Authority has fined Clearview AI €30.5 million for creating an illegal database of facial images, citing violations of the General Data Protection Regulation (GDPR). The authority emphasized the intrusive nature of facial recognition technology and the lack of transparency from Clearview regarding its data collection practices.

Threat Actor: Clearview AI | Clearview AI
Victim: Individuals with facial images | Individuals with facial images

Key Point :

  • Clearview AI was fined for creating a database of over 30 billion facial images without consent.
  • The Dutch DPA highlighted the company’s serious violations of GDPR and its lack of transparency regarding data usage.
  • Clearview AI faces an additional fine of up to €5 million if it fails to comply with the order.
  • The DPA warned that facial recognition technology is highly intrusive and should not be used indiscriminately.

The Netherlands’ top privacy regulator announced Tuesday that it has fined the facial recognition technology company Clearview AI €30.5 million ($34 million) for creating what it called an illegal database of facial images.

The Dutch Data Protection Authority (Dutch DPA) said it will also levy a fine of up to €5 million ($5.5 million) if Clearview AI does not comply with the order.

The American facial recognition company has not fought the decision resulting from the data privacy watchdog’s investigation and therefore cannot appeal the fine, the Dutch DPA said in a statement, in which it also warned companies that it is illegal to use Clearview AI services.

“Clearview has seriously violated the privacy law General Data Protection Regulation (GDPR) on several points: the company should never have built the database and is insufficiently transparent,” the Dutch DPA statement said.

The GDPR is a European Union law that regulates the processing and transfer of personal data. It took effect in 2018 and is considered one of the world’s toughest privacy laws.

The facial recognition firm should not have created the photo database, the Dutch DPA said, and should not have linked photos with “unique biometric codes” and other information.

“This especially applies for the codes,” the statement said. “Like fingerprints, these are biometric data. Collecting and using them is prohibited.”

Clearview AI did not respond to a request for comment.

The Dutch DPA pointed to how Clearview scrapes photos from the internet and does not obtain subjects’ consent when doing so or creating the linked code.

Last week, the Dutch DPA fined Uber €290 million ($324 million) for collecting sensitive data from European drivers — including location data, photos and criminal and medical records — before shipping it to the U.S. without adequate data protection measures.

In a statement outlining its charges against Clearview, the Dutch DPA noted that the firm is a commercial business whose customers can provide camera images to find out who people are, culling identities from a database with more than 30 billion photos of individuals. 

“Facial recognition is a highly intrusive technology that you cannot simply unleash on anyone in the world,” Dutch DPA chairman Aleid Wolfsen said in a statement. 

“If there is a photo of you on the Internet – and doesn’t that apply to all of us? – then you can end up in the database of Clearview and be tracked,” Wolfsen added. “This is not a doom scenario from a scary film.”

In addition to lambasting Clearview for building its database of faces to begin with, the Dutch DPA criticized the company for what it called its lack of transparency..

“Clearview informs the people who are in the database insufficiently about the fact that the company uses their photo and biometric data,” the Dutch DPA statement said. 

The AI company must show consumers what information it has collected on them if they ask, but does not do so, the Dutch DPA said.

Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

Source: https://therecord.media/clearview-ai-fined-34-million-dutch-data-privacy-watchdog