Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Artificial Intelligence

Clearview AI Fined $33.7 Million by Dutch Data Protection Watchdog Over ‘Illegal Database’ of Faces

Dutch agency said a database with billions of photos of faces amounted to serious violations of GDPR.

The Dutch data protection watchdog on Tuesday issued facial recognition startup Clearview AI with a fine of 30.5 million euros ($33.7 million) over its creation of what the agency called an “illegal database” of billion of photos of faces.

The Netherlands’ Data Protection Agency, or DPA, also warned Dutch companies that using Clearview’s services is also banned.

The data agency said that New York-based Clearview “has not objected to this decision and is therefore unable to appeal against the fine.”

But in a statement emailed to The Associated Press, Clearview’s chief legal officer, Jack Mulcaire, said that the decision is “unlawful, devoid of due process and is unenforceable.”

The Dutch agency said that building the database and insufficiently informing people whose images appear in the database amounted to serious breaches of the European Union’s General Data Protection Regulation, or GDPR.

“Facial recognition is a highly intrusive technology, that you cannot simply unleash on anyone in the world,” DPA chairman Aleid Wolfsen said in a statement.

“If there is a photo of you on the Internet — and doesn’t that apply to all of us? — then you can end up in the database of Clearview and be tracked. This is not a doom scenario from a scary film. Nor is it something that could only be done in China,” he said.

DPA said that if Clearview doesn’t halt the breaches of the regulation, it faces noncompliance penalties of up to 5.1 million euros ($5.6 million) on top of the fine.

Advertisement. Scroll to continue reading.

Mulcaire said in his statement that Clearview doesn’t fall under EU data protection regulations.

“Clearview AI does not have a place of business in the Netherlands or the EU, it does not have any customers in the Netherlands or the EU, and does not undertake any activities that would otherwise mean it is subject to the GDPR,” he said.

In June, Clearview reached a settlement in an Illinois lawsuit alleging its massive photographic collection of faces violated the subjects’ privacy rights, a deal that attorneys estimate could be worth more than $50 million. Clearview didn’t admit any liability as part of the settlement agreement.

The case in Illinois consolidated lawsuits from around the U.S. filed against Clearview, which pulled photos from social media and elsewhere on the internet to create a database that it sold to businesses, individuals and government entities.

RelatedFrance Punishes Clearview AI For Failing To Pay Fine

RelatedFacial Recognition Firm Clearview AI Fined $9.4 Million by UK Regulator

RelatedCanada Probe Concludes Clearview AI Breached Privacy Laws

Written By

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Hear from experts as they explore the latest trends, challenges and innovations in Attack Surface Management.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Janet Rathod has been named VP and CISO at Johns Hopkins University.

Barbara Larson has joined SentinelOne as Chief Financial Officer.

Amy Howland has been named Partner and CISO at Guidehouse.

More People On The Move

Expert Insights