In this 2022 photo, Clearview AI is showcasing its facial recognition software. Recently, the company was fined millions of euros by the Dutch data protection authority for privacy violations. The watchdog claims that creating a database of people's faces without their knowledge or consent significantly infringes on privacy rights. (Seth Wenig/AP)
Clearview AI, a U.S.-based facial recognition company, has been hit with a 30.5 million euro fine ($45.6 million Cdn) by the Netherlands' Data Protection Agency (DPA). The agency accused Clearview of building an "illegal database" containing billions of facial images collected from the internet without consent. The watchdog also issued a warning to Dutch companies, stating that using Clearview's services is strictly prohibited within the country.
The DPA emphasized that Clearview violated the European Union's General Data Protection Regulation (GDPR), a set of stringent rules aimed at protecting individuals' privacy. According to the agency, Clearview failed to notify the people whose photos were included in the database, a serious breach of the GDPR. This incident highlights the dangers posed by facial recognition technology, which is increasingly seen as a threat to privacy.
DPA Chairman Aleid Wolfsen explained that this technology is "highly intrusive" and should not be deployed recklessly. He warned that anyone with a photo on the internet could potentially end up in Clearview's database and be monitored without their knowledge or consent. Wolfsen stressed that this scenario is not some far-fetched plot from a dystopian film but a real issue affecting people around the world.
In addition to the fine, Clearview faces potential noncompliance penalties of up to 5.1 million euros ($5.6 million Cdn) if it continues to breach EU regulations. The DPA's decision serves as a strong reminder of the importance of protecting personal data and the consequences of failing to comply with privacy laws.
Despite the hefty fine, Clearview maintains that it is not subject to EU regulations. In a statement, the company's chief legal officer, Jack Mulcaire, called the DPA's decision "unlawful" and argued that Clearview does not have a physical presence or customers in the Netherlands or the European Union. Therefore, Mulcaire claimed, the company should not be held accountable under GDPR.
This isn't the first time Clearview has faced legal trouble. In June, the company settled a lawsuit in Illinois, U.S., which accused it of violating privacy rights by collecting facial images without permission. The settlement, which could exceed $50 million US, stemmed from multiple lawsuits filed across the country. However, as part of the agreement, Clearview did not admit to any wrongdoing.
Clearview's database, which pulls images from social media and other websites, has been sold to various clients, including businesses, individuals, and government agencies. Critics argue that this kind of mass data collection is an invasion of privacy and can lead to misuse by authorities and private entities alike.
As facial recognition technology advances, privacy and data protection concerns are growing. This case in the Netherlands is just one of many legal challenges that Clearview and other facial recognition companies will likely face in the coming years. The outcome of such cases could shape the future of privacy protection and how this powerful technology is regulated globally.
