Clearview AI Sanctioned in the Netherlands: Million-Euro Fines for GDPR Violations | Clearview ai | Netherlands ai | GDPR | Turtles AI
Clearview AI, the facial recognition startup using a vast database of images scraped from the web without consent, has been fined €30.5 million by Dutch authorities for serious GDPR violations. The fine could increase further if the company continues to violate European privacy regulations.
Highlights:
- Record fine: The Dutch Data Protection Authority fined Clearview AI €30.5 million for GDPR violations.
- Potential increase in penalties: An additional €5.1 million could be added if Clearview AI does not comply.
- Biometric data without consent: The company collected biometric data without a legal basis, one of the key violations alleged.
- Legal consequences for executives: Personal liability for company executives is being considered.
Clearview AI, a U.S.-based company known for creating a database of over 30 billion images through unauthorized web scraping, has faced its largest penalty in Europe yet, this time from the Dutch authorities. The Autoriteit Persoonsgegevens (AP), the Dutch Data Protection Authority, has imposed a €30.5 million fine for various breaches of the European Union’s General Data Protection Regulation (GDPR) after confirming that the database contains images of Dutch citizens. The sanction is further aggravated by an additional potential fine of €5.1 million that could be applied if Clearview AI continues to ignore European privacy laws.
The Dutch investigation into Clearview AI began in March 2023 following complaints from three individuals regarding the company’s failure to comply with data access requests. The GDPR provides EU residents with specific rights concerning their data, including the right to request a copy or its deletion. Clearview AI, however, has not adhered to these requests. The AP’s penalty extends beyond the failure to comply with data access requests; it also covers the acquisition of biometric data without a valid legal basis and a lack of transparency in communication with affected individuals.
According to the Dutch authority’s decision, Clearview AI not only collected photos but also generated unique biometric codes from these images, an operation deemed highly sensitive and comparable to fingerprints. The AP stated that collecting and using such biometric data is prohibited, with only rare exceptions allowed by law — exceptions that Clearview AI cannot claim. Additionally, the company failed to inform individuals about the acquisition and use of their personal data, another critical point highlighted by the Dutch decision.
When approached for comment, Clearview representative Lisa Linden denied the validity of the Dutch decision, arguing that the company has no offices or customers in the EU and does not engage in activities that would make it subject to the GDPR. However, the GDPR is extraterritorial in scope and applies to any processing of personal data of people residing in the EU, regardless of where this processing takes place.
Clearview AI has already accumulated significant fines in various European countries, including France, Italy, Greece, and the United Kingdom, reaching a total of around €100 million in penalties. However, European authorities seem to have difficulty collecting these amounts, as the company has never designated a legal representative in Europe and continues to be uncooperative.
The Dutch AP is considering further measures to ensure that Clearview AI stops its illegal practices, including the potential personal involvement of the company’s executives. This could mean personal liability and fines for executives who, aware of GDPR violations, did not act to stop them. A similar situation recently occurred with the founder of Telegram, Pavel Durov, who was arrested in France for allegations related to illegal content spread on his platform. Directly sanctioning the people managing Clearview might indeed have a greater impact on compliance, given their need to travel freely in Europe.