Dutch regulator slaps Clearview AI with $33 million fine and threatens executive liability
Illustration: Alex Castro / The Verge
Clearview AI has been hit with its largest fine yet under Europe’s General Data Protection Regulation (GDPR) by a Dutch regulator. The Dutch Data Protection Authority (DPA) announced a fine of 30.5 million Euros, or about $33.7 million.
The American facial recognition company, which built a database of images scraped from social media platforms, has been the target of regulators around the world for alleged privacy violations. It’s previously faced fines from the UK, Australia, France, and Italy, and been forced to delete data on those countries’ residents.
The DPA accused Clearview of creating an illegal database with “unique biometric codes” linked to the photos it collected. It also allegedly failed to give people whose faces were in the database sufficient information about how their image and biometric data are used. The company also allegedly continued to violate the law after the Dutch authorities began investigating it, which the DPA said could lead to an additional fine of up to 5.1 million Euros.
Given that Clearview has not changed its behavior after other fines, according to the DPA, the regulator said in a press release it “is looking for ways to make sure that Clearview stops the violations.” Dutch DPA chairman Aleid Wolfsen said in a statement that company directors could be held personally liable if they knew of the GDPR violations and could have stopped them, but chose not to.
The Dutch DPA said Clearview can’t appeal the fine because it hasn’t objected to the decision. But Clearview says it’s not enforceable. In a statement, Clearview’s chief legal officer Jack Mulcaire said in a statement that company, “does not have a place of business in the Netherlands or the EU, it does not have any customers in the Netherlands or the EU, and does not undertake any activities that would otherwise mean it is subject to the GDPR.” Mulcaire said that the decision is “unlawful, devoid of due process and is unenforceable.”
Illustration: Alex Castro / The Verge
Clearview AI has been hit with its largest fine yet under Europe’s General Data Protection Regulation (GDPR) by a Dutch regulator. The Dutch Data Protection Authority (DPA) announced a fine of 30.5 million Euros, or about $33.7 million.
The American facial recognition company, which built a database of images scraped from social media platforms, has been the target of regulators around the world for alleged privacy violations. It’s previously faced fines from the UK, Australia, France, and Italy, and been forced to delete data on those countries’ residents.
The DPA accused Clearview of creating an illegal database with “unique biometric codes” linked to the photos it collected. It also allegedly failed to give people whose faces were in the database sufficient information about how their image and biometric data are used. The company also allegedly continued to violate the law after the Dutch authorities began investigating it, which the DPA said could lead to an additional fine of up to 5.1 million Euros.
Given that Clearview has not changed its behavior after other fines, according to the DPA, the regulator said in a press release it “is looking for ways to make sure that Clearview stops the violations.” Dutch DPA chairman Aleid Wolfsen said in a statement that company directors could be held personally liable if they knew of the GDPR violations and could have stopped them, but chose not to.
The Dutch DPA said Clearview can’t appeal the fine because it hasn’t objected to the decision. But Clearview says it’s not enforceable. In a statement, Clearview’s chief legal officer Jack Mulcaire said in a statement that company, “does not have a place of business in the Netherlands or the EU, it does not have any customers in the Netherlands or the EU, and does not undertake any activities that would otherwise mean it is subject to the GDPR.” Mulcaire said that the decision is “unlawful, devoid of due process and is unenforceable.”