Dutch Data Protection Authority Slaps Clearview AI with $33.7 Million Fine Amid Privacy Controversies

Dutch Data Protection Authority Slaps Clearview AI with $33.7 Million Fine Amid Privacy Controversies

By

New York-based facial recognition startup Clearview AI has now accrued fines exceeding $115 million for privacy violations across the European Union and the United Kingdom. The Dutch Data Protection Authority (DPA) has recently imposed a $33.7 million penalty, adding to a series of General Data Protection Regulation (GDPR) compliance issues that date back to 2020.

Clearview AI specializes in providing law enforcement and government agencies with advanced AI software that scrapes and organizes images from a vast database of over 30 billion photos collected from the internet, including social media platforms. The DPA has condemned Clearview AI’s operations as “illegal,” arguing that the company’s data collection practices breach Dutch privacy laws by failing to obtain consent from Dutch citizens. The DPA has characterized the technology as excessively intrusive.

The controversy surrounding Clearview AI, however, extends beyond Europe. In the United States, the company faces class action lawsuits and legal action from the American Civil Liberties Union (ACLU) in Illinois. These challenges have led to a settlement that prohibits Clearview from granting access to its image database to private entities in Illinois and, by extension, across the U.S., effectively limiting its customer base to law enforcement and government agencies.

Jack Mulcaire, Clearview AI’s Chief Legal Officer, has sharply criticized the latest fine, calling it “completely devoid of due process.” He argues that Clearview AI has no physical presence or customers in the Netherlands or the EU, and therefore should not be subject to GDPR regulations. Mulcaire described the decision as “unlawful” and “unenforceable.”

In response, the DPA has noted that Clearview AI did not challenge the decision, which means it forfeited its right to appeal the fine. Aleid Wolfsen, Chairman of the DPA, emphasized the agency’s position by highlighting the intrusive nature of facial recognition technology.

“Facial recognition is a highly intrusive technology that cannot simply be unleashed without regard for individual privacy,” Wolfsen stated, warning that the use of Clearview’s services also breaches Dutch regulations.

For compliance and risk professionals, the Clearview AI case serves as a critical reminder of the importance of proactive risk management and adherence to privacy regulations. Ensuring compliance not only helps mitigate legal and financial risks but also supports an organization’s reputation in an increasingly regulated data environment.

The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.