Clearview AI faces record €30.5M fine from Dutch Regulator for GDPR Violations

Clearview AI, the controversial U.S.-based facial recognition startup, has been hit with its largest privacy fine in Europe, as the Netherlands’ data protection authority, Autoriteit Persoonsgegevens (AP), announced a €30.5 million ($33.7 million) penalty for breaches of the European Union’s General Data Protection Regulation (GDPR). This fine surpasses earlier GDPR sanctions imposed on the company by regulators in France, Italy, Greece, and the U.K. in 2022.

The AP’s decision, disclosed on Tuesday, follows an investigation that revealed Clearview AI’s database contained images of Dutch citizens. The fine reflects multiple GDPR violations, including the illegal collection and processing of biometric data, such as facial images, without a valid legal basis.

In addition to the €30.5 million penalty, the AP has imposed a further conditional fine of up to €5.1 million. This additional penalty will be enacted if Clearview AI fails to comply with GDPR requirements and address the issues identified in the investigation. Consequently, the total financial liability could reach €35.6 million if Clearview AI continues its non-compliance.

The investigation began in March 2023 after the AP received complaints from individuals regarding Clearview AI’s failure to honor data access requests. Under GDPR, EU residents have the right to request access to their personal data or to have it deleted. Clearview AI has been found in violation of these rights, as it did not adequately respond to such requests.

The AP’s sanctions against Clearview AI also highlight significant transparency failures and unauthorized collection of biometric data. “Clearview should never have built the database with photos, the unique biometric codes, and other information linked to them,” stated the AP. The authority emphasized that the collection and use of biometric data, akin to fingerprints, is generally prohibited under GDPR, with few exceptions that Clearview AI cannot rely on.

The substantial fine reflects growing concerns over the ethical implications of facial recognition technology and the importance of robust data protection practices. Clearview AI’s operations, which involve scraping the internet for images without user consent, have drawn widespread criticism and legal challenges, underscoring the ongoing debate over privacy and data rights in the digital age. It is felt that AI regulations are very much needed on high priority because of the AI boom that we have seen in last 12 to 18 months.