The Netherlands’ top privacy watchdog has imposed a €30.5 million ($34 million) fine on U.S.-based facial recognition firm Clearview AI, citing the company’s creation of an illegal database of facial images. The Dutch Data Protection Authority (Dutch DPA) issued the fine on Tuesday, emphasizing that Clearview AI’s practices have violated multiple points of the EU’s stringent General Data Protection Regulation (GDPR).
In addition to the hefty fine, the Dutch DPA has threatened further penalties of up to €5 million ($5.5 million) if Clearview AI fails to comply with the order to halt its activities within the country. The company has not contested the decision, meaning there is no opportunity to appeal the fine, according to the Dutch DPA.
The watchdog also warned businesses in the Netherlands that using Clearview AI’s services is illegal.
“Clearview has seriously violated the privacy law General Data Protection Regulation on several points: the company should never have built the database and is insufficiently transparent,” the Dutch DPA stated.
Clear GDPR Violations
Clearview AI, known for scraping billions of photos from the internet to create a massive facial recognition database, came under fire for its failure to obtain consent from individuals whose images it collected. The company compounded its violations by linking these images to biometric identifiers—such as unique codes associated with each face—without permission.
The Dutch DPA made clear that the collection and use of biometric data without consent are strictly prohibited under the GDPR.
“This especially applies for the codes,” the authority explained. “Like fingerprints, these are biometric data. Collecting and using them is prohibited.”
Despite requests for comment, Clearview AI did not respond to the privacy watchdog’s statements.
The Risks of Unregulated Facial Recognition
The Dutch DPA’s investigation revealed that Clearview AI’s technology enables clients to use camera footage to identify individuals, leveraging a database of over 30 billion photos. This practice raises significant concerns about privacy and the potential for widespread surveillance.
The chairman of the Dutch DPA, Aleid Wolfsen, expressed grave concern about the invasive nature of Clearview’s operations:
“Facial recognition is a highly intrusive technology that you cannot simply unleash on anyone in the world. If there is a photo of you on the Internet—and doesn’t that apply to all of us?—then you can end up in the database of Clearview and be tracked. This is not a doom scenario from a scary film.”
The regulator criticized Clearview AI not only for the unauthorized creation of the facial recognition database but also for its lack of transparency. The company has failed to adequately inform individuals that their photos and biometric data are being used.
Lack of Transparency
In its statement, the Dutch DPA highlighted Clearview AI’s failure to comply with GDPR requirements for transparency. Although individuals have the right to know what personal data has been collected about them, the watchdog noted that Clearview does not sufficiently inform people about the use of their photos and biometric data.
“Clearview informs the people who are in the database insufficiently about the fact that the company uses their photo and biometric data,” the DPA emphasized.
Broader Privacy Concerns
Clearview AI is not the only company facing fines from European regulators. The Dutch DPA also recently fined ride-hailing giant Uber €290 million ($324 million) for mishandling sensitive data from European drivers, including location information, photos, and personal records, and transferring it to the U.S. without adequate safeguards.
These cases highlight the growing scrutiny of tech companies operating in Europe, as regulators work to enforce the GDPR and protect the privacy of individuals.
Sponsored • TRJ Ads
Inquiries: contact@therealistjuggernaut.com
