Clearview AI, the U.S.-based facial recognition startup, has been slapped with its largest GDPR fine yet by the Netherlands’ data protection authority, Autoriteit Persoonsgegevens (AP). The penalty, amounting to €30.5 million (approximately $33.7 million), is the result of Clearview’s extensive violations of the European Union’s General Data Protection Regulation (GDPR). The fine marks a significant escalation from previous penalties imposed by other European data protection authorities, underscoring the seriousness of Clearview’s breaches. The AP’s investigation revealed that the company’s database, which contains billions of images scraped from the internet, includes the personal data of Dutch citizens, collected without their consent.
The AP has also issued an additional order for a potential penalty of up to €5.1 million if Clearview AI fails to rectify its GDPR violations. This brings the total possible fine to €35.6 million. The authority’s decision follows an investigation initiated in March 2023, prompted by complaints about Clearview’s failure to comply with data access requests from EU residents. The company was found to have built its extensive database by harvesting biometric data, including facial recognition data, without a valid legal basis, and failed to inform individuals about the collection and use of their data.
Clearview AI has responded with defiance, arguing that the decision is unlawful and unenforceable due to its lack of a physical presence and customers in the Netherlands or the EU. However, the AP maintains that the GDPR’s extraterritorial scope applies, making Clearview’s practices subject to EU regulations regardless of its operational base. The company’s ongoing non-compliance has led the AP to explore the possibility of holding Clearview’s executives personally liable for the GDPR violations, a move that could set a precedent for accountability in data protection.
This development is part of a broader trend of increasing scrutiny and enforcement of data protection laws against tech companies. As Clearview AI continues to face backlash for its data practices, its operational model—which relies heavily on scraping and utilizing biometric data without consent—remains under intense regulatory and public scrutiny. The AP’s actions reflect a growing commitment to enforcing privacy rights and ensuring that companies adhere to stringent data protection standards.
Reference:
