The Garante per la Protezione dei Dati Personali (GPDP) has fined Clearview AI €20 million. The privacy watchdog rules that the American tech company has unlawfully collected biometric data from Italian citizens. In addition, the company must destroy all collected data and can no longer collect data from Italians with its facial recognition technology.
The Italian regulator reports this in a press statement.
Clearview has a controversial working method
Clearview AI is an American technology company that specializes in facial recognition. Using scraping software, the company automatically collects profile photos with associated information, such as names, dates of birth, and places of residence. All these faces and information end up in a facial recognition database. Experts say this database contains more than ten billion facial profiles.
The technology and working method of Clearview AI is quite controversial. Regulators and privacy organizations from France, Italy, Greece, Austria, and the United Kingdom filed a complaint against the company last year for privacy violations. The American tech company had not explicitly asked for permission to include facial profiles in a database. There was also no legal basis for this. Finally, people could not appeal to have their faces removed from the database.
The Information Commissioner’s Office (ICO) fined Clearview AI at the end of last year £17 million for violating UK privacy rules. Around the same time, the Commission Nationale de l’ Informatique et des Libertés (CNIL) asked to stop collecting and processing photos of French citizens. The French regulator also ordered that all photos of French men and women be removed within two months. Regulators from Sweden, Germany, Canada, and Australia have also demanded that Clearview stop collecting facial profiles.
Italian regulator cracks down on Clearview AI
The Italian regulator is now also intervening. GPDP investigators have determined that Clearview AI is unlawfully collecting biometric and location data. Furthermore, the company is violating European privacy legislation because it is not open and honest about its data collection practices: after all, Italian citizens have not been informed about this. Furthermore, no retention period has been established and the data has also been used for other purposes.
For these violations, Clearview has to pay a fine of 20 million euros to the Italian regulator. In addition to the fine, the US company must delete all collected photos of Italian citizens. Furthermore, it can no longer use its facial recognition system in Italy and must designate an EU representative to act as an interlocutor.
Bits of Freedom calls on AP to take action against Clearview
Bits of Freedom hopes that the Dutch regulator will now also take action against Clearview AI. “Although the Dutch Data Protection Authority speaks out against the unlawful use of facial recognition technology and calls for a ban on this technology, it remains scrupulously silent about Clearview AI. Hopefully, the decisiveness of the Italian regulator will now convince her.”
Catch up on more articles here
Follow us on Twitter here