Clearview AI fined (again) for violating GDPR with its facial recognition technology

In context: French authorities have imposed the maximum possible fine on Clearview AI, a biometrics startup selling its controversial facial recognition technology to governments and law enforcement around the world. The company must delete the data already acquired on French citizens under penalty of an additional fine of €100,000 per day.

Clearview AI has received yet another fine for its biometric profiling activities in Europe, this time for illegally collecting and using data belonging to French citizens without their knowledge. The National Commission for Computing and Liberties (CNIL), the French data protection authority, imposed a fine of 20 million euros on the American company after a long investigation and an unsuccessful attempt at cooperation.

Clearview markets facial recognition tools for businesses, individuals and law enforcement, touting that its algorithm can detect any individual with “99% accuracy” in a database with more than 30 billion people. pictures of faces. The company scrapes the entire public internet (including social media) to obtain these images – a perfectly legal activity according to Clearview CEO Hoan Ton-Opinion.

Clearview’s “unbiased” methods might be perfectly legal, but the biometrics company is battling with fines and cease-and-desist orders in several countries. The CNIL’s latest decision comes after a two-year investigation opened in May 2020, when the French authority received complaints from individuals about facial recognition software Clearview. Another warning about biometric profiling came from the organization Privacy International in May 2021.

In December 2021, the CNIL cooperated with its European counterparts to share the results of independent investigations, ultimately ordering Clearview to stop reusing photos available on the Internet. Since Clearview showed no interest in complying, the CNIL’s final decision was to impose the maximum financial penalty on the company: 20 million euros. The company will have to delete data already collected on French citizens, with an additional fine of €100,000 for each day of delay after a two-month grace period.

The CNIL recalls having found Clearview AI guilty of several breaches of the General Data Protection Regulation (GDPR). Violations include unlawful processing of personal data (Article 6 of the GDPR), failure to respect the rights of individuals (Articles 12, 15 and 17) and failure to cooperate with the data protection authority (Article 31).

The CNIL ruling is the third ruling against Clearview’s business after state authorities recently fined the company for illegally collecting biometric data in Italy and Greece. It probably won’t be the last. The New York-based company continues to sell the idea that its dystopian facial database can “help communities and their people live better, safer lives.”

Leave a Comment