The Dutch Data Protection Authority (DPA) has imposed a substantial fine of 30.5 million euros ($33.7 million) on facial recognition startup Clearview AI for creating what it deemed an “illegal database” of billions of facial images. The penalty underscores the growing scrutiny on data privacy practices, especially concerning biometric data.
The DPA also issued a stern warning to Dutch companies, prohibiting the use of Clearview's services within the Netherlands. This action reflects the agency's stance against the extensive and intrusive use of facial recognition technology without proper consent.
According to the DPA, Clearview AI's database and its lack of transparency regarding the individuals whose images were included constitute significant violations of the European Union's General Data Protection Regulation (GDPR). The regulation mandates strict controls over the collection and use of personal data, particularly sensitive information such as biometric identifiers.
Aleid Wolfsen, Chairman of the DPA, emphasized the gravity of the situation, stating, “Facial recognition is a highly intrusive technology that you cannot simply unleash on anyone in the world.” He highlighted the pervasive nature of the issue, noting that images of individuals, even those who are unaware, can end up in Clearview’s database and be subject to tracking. “This is not a doom scenario from a scary film. Nor is it something that could only be done in China,” Wolfsen added.
Clearview AI has responded to the fine with strong objections. Jack Mulcaire, the company’s Chief Legal Officer, criticized the decision as "unlawful, devoid of due process, and unenforceable.” He argued that Clearview AI is not subject to EU data protection regulations, asserting that the company does not have a presence or customers in the Netherlands or the EU and does not engage in activities that would bring it under GDPR jurisdiction.
The DPA has warned Clearview AI that if it does not cease its non-compliance with GDPR, it faces additional penalties of up to 5.1 million euros ($5.6 million) on top of the current fine.
This development follows a recent settlement Clearview reached in June with plaintiffs in Illinois. The settlement, estimated at over $50 million, addressed allegations that Clearview’s extensive collection of facial images violated privacy rights. The company, however, did not admit any liability as part of the settlement.
The Illinois case consolidated multiple lawsuits from across the U.S. challenging Clearview’s practices of harvesting images from social media and other online sources to build a comprehensive database, which it sold to various entities including businesses and government agencies.
