The Dutch Data Protection Authority (Dutch DPA) has imposed a fine of €30.5 million ($33.7 million) on Clearview AI for unlawful data collection using facial recognition, including photos of Dutch citizens.
Clearview AI is an American technology company specializing in facial recognition software and is known for creating a vast database of facial images scraped from public sources on the internet.
These images are used to generate unique biometric identifiers, allowing customers such as law enforcement agencies and private organizations to identify individuals using their own sets of images and videos.
This practice has been highly controversial due to privacy concerns and the ethical considerations related to people’s lack of knowledge or consent for processing their biometric information.
According to the Dutch DPA, Clearview AI has populated its massive database of images containing over 30 billion photos, with faces from people in the Netherlands without asking for their consent.
These faces are then converted into unique biometric codes that are used in facial recognition systems operating worldwide, potentially identifying those people and linking them to online accounts and activities.
“Facial recognition is a highly intrusive technology, that you cannot simply unleash on anyone in the world,” stated Dutch DPA’s chairman Aleid Wolfsen.
“If there is a photo of you on the Internet – and doesn’t that apply to all of us? – then you can end up in the database of Clearview and be tracked.”
According to the Dutch DPA, the lack of consent constitutes a violation of the EU’s General Data Protection Regulation (GDPR), which has prompted authorities in Italy and France to impose €20,000,000 fines on Clearview AI for similar reasons.
Despite this, the DPA says Clearview AI has not changed its European practices and maintains an opaque stance on how people’s biometric data is managed.
If Clearview AI fails to change course and continues its non-compliance, the Dutch DPA threatens to impose an additional fine of €5.1 million ($5.6 million).
Clearview AI rejects the action
In a statement to BleepingComputer, Clearview AI’s chief legal officer, Jack Mulcaire, rejected the DPA’s claims and added that the Dutch have no jurisdiction or right to impose a fine on them as they do not do business in the Netherlands.
“Clearview AI does not have a place of business in the Netherlands or the EU, it does not have any customers in the Netherlands or the EU, and does not undertake any activities that would otherwise mean it is subject to the GDPR. This decision is unlawful, devoid of due process and is unenforceable.” – Jack Mulcaire, Chief Legal Officer, Clearview AI.
Source: www.bleepingcomputer.com