The Dutch Data Protection Authority (Dutch DPA) has imposed a significant fine of €30.5 million (approximately $33.7 million) on Clearview AI, an American facial recognition company, for violating Europe’s General Data Protection Regulation (GDPR). The fine marks the largest penalty levied against Clearview AI to date under the GDPR.
Clearview AI has faced scrutiny worldwide for building a database containing over 30 billion images of faces, scraped without consent from social media platforms and other online sources. The Dutch DPA found that Clearview created a database of “unique biometric codes” linked to these photos without informing the individuals involved or obtaining their consent. The regulator also warned that the use of Clearview’s services within the Netherlands is prohibited.
In addition to the fine, the Dutch DPA has threatened further penalties of up to €5.1 million if Clearview continues to violate GDPR regulations. Aleid Wolfsen, chairman of the Dutch DPA, emphasized the invasive nature of facial recognition technology, stating that it cannot be “unleashed on anyone in the world” without stringent oversight.
Despite the fine, Clearview AI has denied any wrongdoing, arguing that the decision is unenforceable as the company does not have operations or customers in the Netherlands or the European Union. Jack Mulcaire, Clearview’s chief legal officer, called the decision “unlawful, devoid of due process, and unenforceable.”
Clearview AI has previously been fined by regulators in the UK, Australia, France, and Italy for similar privacy violations and has been ordered to delete data pertaining to residents of those countries. The Dutch DPA’s decision reinforces the ongoing global crackdown on the misuse of biometric data and the importance of protecting individual privacy in the digital age.
Expanded Coverage:
