The Dutch Data Protection Authority (DPA) has fined facial recognition firm Clearview AI €30.5 million ($33.7 million) for violating the General Data Protection Regulation (GDPR) in the European Union (EU) by creating “illegal database”. with billions of photos of faces,” including citizens of the Netherlands.
“Facial recognition is a very intrusive technology that you can’t just apply to anyone in the world,” Dutch DPA chairman Aleid Wolfsen said in a statement to the press.
“If there is a picture of you on the Internet – doesn’t that concern all of us? – then you can get into the Clearview database and be tracked. This is not a doomsday scenario from a scary movie. is this something that can only be done in China?”
Clearview AI was in the regulatory hot water in several countries, such as the UK, Australia, France and Italy, due to the practice of collecting publicly available information on the Internet to create a vast database containing more than 50 billion photos faces of people.
Individuals identified from these images are assigned a unique biometric code, which is then packaged as part of intelligence and investigative services offered to law enforcement clients to “rapidly identify suspects, persons of interest and victims to help solve and prevent crime.”
The Dutch DPA, in addition to accusing Clearview of collecting data on users’ faces without their consent or knowledge, said the company “insufficiently” informs the people in its database of how their data is being used and that it does not offer mechanism to access their data upon request.
Currently only Clearview suggestions residents of six US states – California, Colorado, Connecticut, Oregon, Utah and Virginia – the ability to access, delete and refuse profiling.
It also alleged that the New York-based firm failed to stop the violations even after an investigation, ordering them to stop with immediate effect or face an additional fine of 5.1 million euros ($5.6 million). In addition, the ruling prohibits Dutch companies from using Clearview’s services.
“We are now going to investigate whether we can hold the management of the company personally liable and fine them for leading these violations,” Wolfsen said.
“This liability already exists where directors know that the GDPR is being breached, have the power to stop it, but fail to do so, and thus knowingly accept those breaches.”
In a statement released to the Associated Press, Clearview said it is not subject to EU data protection regulations as it does not have an establishment in the Netherlands or the EU. He also called the decision “illegal.”
Back in June, the campaign continues settled down a lawsuit filed in the US state of Illinois for violating the privacy of facial recognition by giving the plaintiff a 23% share of its future value, as opposed to a traditional payout. However, he did not admit any wrongdoing.
