ADS
Clearview AI has recently faced its largest GDPR penalties yet as the Dutch regulator contemplates holding executives personally accountable for the company’s data privacy violations. Known for scraping the internet for unauthorized selfies to build a massive database of 30 billion images, Clearview AI has come under fire from the Netherlands’ data protection authority, Autoriteit Persoonsgegevens (AP).
The AP has fined Clearview AI for multiple GDPR violations after confirming that the company’s database contains images of Dutch citizens. This penalty exceeds the sanctions imposed by France, Italy, Greece, and the U.K. in 2022. The AP issued a statement warning Clearview AI that it had failed to address GDPR breaches even after an investigation and imposed additional penalties for continuous non-compliance.
The Dutch data protection regulator initiated an inquiry into Clearview AI in March 2023 following complaints from three individuals about the company’s data access practices. Under the General Data Protection Regulation (GDPR), EU citizens have the right to access or delete their personal data. Despite these rights, Clearview AI has ignored requests from individuals.
In addition to illegally collecting biometric data to create its database, Clearview AI has also been fined by the AP for transparency issues related to GDPR compliance. The AP stated that Clearview should not have built a database containing photos, unique biometric codes, and other linked information, particularly face-derived biometric codes, such as fingerprints, which are illegal to collect and use under the GDPR.
The regulator also criticized Clearview AI for failing to inform individuals whose personal data was collected and added to its database. Despite these findings, Lisa Linden of Resilere Partners, Clearview’s PR company, did not respond to inquiries but provided a statement attributed to Clearview’s chief legal officer, Jack Mulcaire. Mulcaire claimed that Clearview AI does not have a physical presence in the Netherlands or the EU, does not serve customers in the region, and does not engage in activities that would subject it to the GDPR.
However, the Dutch regulator maintains that Clearview AI is subject to GDPR regulations as it processes the personal data of EU citizens globally. The AP emphasized that firms in the Netherlands using Clearview AI services could face significant penalties for violating privacy laws, as Clearview’s practices are deemed unlawful.
Despite the significant GDPR fines imposed on Clearview AI in recent years, the company has refused to cooperate with regional data protection authorities and lacks legal representation in the EU. The AP expressed concern over Clearview’s continued violations of GDPR and European privacy regulations, which have gone unchecked due to the company’s location overseas.
In light of these ongoing concerns, the Dutch AP is exploring ways to hold Clearview AI’s corporate directors personally liable for the company’s infractions. The agency is investigating whether directors who are aware of GDPR violations and fail to take corrective action can be held accountable and penalized.
The potential for personal liability for corporate managers could have a significant impact on Clearview AI’s operations and compliance with GDPR. Similar to the recent arrest of Pavel Durov, the founder of Telegram, for spreading illegal content in France, sanctioning Clearview’s executives may motivate them to ensure compliance with EU privacy regulations to avoid personal repercussions.
As this situation unfolds, the Dutch AP continues to scrutinize Clearview AI’s actions and explore avenues for holding those responsible for data privacy violations accountable. By holding corporate directors personally liable, the regulator aims to deter future infractions and protect the rights of EU citizens in the digital age.
