Dutch regulator fines Clearview AI €30.5m
US-based Clearview AI has found itself on the wrong side of EU privacy regulators again.
This time Dutch regulator, the Personal Data Authority, is fining Clearview AI €30.5 million and periodic penalty payments with a maximum of more than €5 million.
Clearview is a commercial company that offers facial recognition services to intelligence and investigation agencies. Clearview customers can submit camera images to find out the identities of people who appear in the picture. It has a database of more than 30 billion photographs of people for this purpose. Clearview automatically scrapes those photos from the Internet, then converts them into a unique biometric code per face. Without these people knowing and without their consent.
“Facial recognition is a very invasive technology, which you can’t just unleash on everyone in the world,” said Personal Data Authority chairman Aleid Wolfsen. “If a picture of you is on the Internet – and who isn’t? – then you can end up in Clearview’s database and be tracked. This is not a doomsday scenario from a creepy movie. Nor is it something that could only happen in China.”
Wolfsen recognises the importance of security and detection of criminals by official agencies. He also recognises that techniques such as facial recognition can contribute to this. But certainly not by a commercial company. And by authorised bodies only in very exceptional cases. Police, for example, must then manage the software and database themselves, under strict conditions enforced by regulators.
Clearview should never have created the database with photos, the linked unique biometric codes and other information. This is especially true of the codes. These are biometric data, just like fingerprints. Collecting and using them is prohibited. There are some legal exceptions to this prohibition, but Clearview cannot invoke them.
The company further does not adequately inform people who are in the database that the company is using their photo and biometric data. Also, people who are in the database have the right to see their data. That means Clearview must show people what data the company has on them if they ask. But Clearview is not cooperating with requests for access.
Clearview did not stop the violations after the Dutch investigation. If Clearview ignore the order, it company must pay penalty payments totaling up to €5.1 million on top of the fine.
Still, Clearview does not seem to be adjusting its behaviour and without an office in Europe it’s highly unlikely any fine will be paid.
Subscribers 0
Fans 0
Followers 0
Followers