Clearview AI has been fined again in Europe. The organization allegedly violated the GDPR by taking imagery and other personal data from the internet to power its AI-driven identity-matching service for law enforcement and other sectors.
Clearview AI develops face detection and recognition technology. The latest fine comes after the firm failed to respond to a 2021 request from France’s privacy regulator (CNIL) to stop unlawfully processing the personal data of French residents. Clearview AI ghosted the regulator, adding a third GDPR violation — failure to cooperate with a regulator — to its previous infractions.
The breaches, according to CNIL
According to the CNIL, Clearview AI unlawfully processed personal data (GDPR Article 6), refused to cooperate with regulators (GDPR Article 31) and failed to respect individuals’ rights (GDPR Articles 12, 15 and 17).
CNIL announced the fine in a statement and noted that Clearview AI has been warned months ahead of the latest decision. According to CNIL, the organization did not respond to the warning. As a result, the head of the CNIL decided to submit the case to the restricted committee responsible for imposing sanctions.
Stay out of Europe
For the most serious violations, the EU’s GDPR allows fines of up to 4 percent of a company’s annual global sales — or €20 million, whichever is greater. In the case of Clearview AI, the CNIL’s is imposing the maximum amount possible (€20 million).
Other data protection regulators in Europe slapped the US-based company with a flurry of fines in recent months, including €20 million fines in Italy and Greece, and a minor penalty in the UK.
It’s unclear whether Clearview AI has turned over any of the money to authorities, who possess limited resources (and legal tools) to pursue payment. At this stage, the fines warn Clearview AI to stay out of Europe.