Dutch regulator fines Clearview AI $33.6 million for GDPR violations

Cal Jeffrey

Posts: 4,595   +1,682
Staff member
Stick a fork in it: Clearview AI was already on the verge of bankruptcy after having to fork over 23 percent of its equity to class action plaintiffs because it didn't have the funds to pay in cash. That stake was worth about $50 million. Now, regulators in the Netherlands have levied a multimillion-dollar fine for violating the GDPR.

The Dutch Data Protection Authority (DPA) has fined troubled facial recognition company Clearview AI 30.5 million euros ($33.6 million US) for violating Europe's General Data Protection Regulation (GDPR). The DPA says that Clearview's database, containing over 40 billion images, is illegal under European law.

"Facial recognition is a highly intrusive technology that you cannot simply unleash on anyone in the world," Dutch DPA Chairman Aleid Wolfsen said. "If there is a photo of you on the internet – and doesn't that apply to all of us? – then you can end up in the database of Clearview and be tracked. This is not a doom scenario from a scary film. Nor is it something that could only be done in China."

The DPA says that scraping the internet for images of Dutch citizens without their consent violates the GDPR rules. Furthermore, the Authority warns that it will also fine businesses and government institutions found using Clearview AI's database.

The Netherlands privacy watchdog mandated that Clearview cease all violations of the GDPR or face an additional non-compliance fine of €5.1 million ($5.6 million). It appears that this incremental fine is inevitable since, thus far, Clearview has completely ignored Dutch authorities. It has not even responded to the initial charge, an inaction that voids its right to appeal.

The American-based company thinks that since it has no international offices, it can sell its services overseas without complying with international law. The DPA contends that it will not tolerate this attitude and is looking into avenues of enforcement, including holding Clearview management personally liable.

"Such company cannot continue to violate the rights of Europeans and get away with it [sic]," Wolfsen declared. "Certainly not in this serious manner and on this massive scale. We are now going to investigate if we can hold the management of the company personally liable and fine them for directing those violations. "

The DPA admits that facial recognition can be a valuable tool for apprehending criminals, but it requires oversight to do that properly. Oversight is more challenging to enforce against private companies than government agencies, and Clearview has never been transparent or cooperative with regulators.

The Netherlands is not the only country that has disputed Clearview's practices. When news that the company indiscriminately scraped the internet for images of people's faces, all major social media sites sent cease and desist letters. Clearview co-founder and CEO Hoan Ton-That ignored these demands, insisting that the First Amendment protected his company's methods.

Scrutiny was heightened when a hacker infiltrated company servers and stole data, including Clearview's entire client list. Eventually, several states sued the company for privacy violations. Clearview recently settled the class action for a 23-percent company equity stake, equating to about $50 million or roughly 30 cents per plaintiff.

The US Congress also floated a proposed bill called the Fourth Amendment Is Not For Sale Act. The bill is still working its way through Capital Hill, most recently landing for consideration in the Senate in April. The measure should pass since it was introduced to the House of Representatives by the Senate in 2020.

Multiple countries have also taken legal action against Clearview AI, including Australia, Austria, France, Greece, Italy, and the UK. Between levied fines, legal expenses, and settlement expenditures, the firm is on the verge of bankruptcy. The fact that it has stayed in business under such circumstances demonstrates the value of wholesale consumer data.

Permalink to story:

 
Going after the directors personally may be the only way to reign in these abuses.

The problem of illegal activities crossing borders with the internet is a growing problem that shows no sign of slowing.
 
Going after the directors personally may be the only way to reign in these abuses.
I'm a little unclear on where the 'abuse' is here. Obviously you can criminalize anything by passing a law against it, but this firm was using publicly posted photographs, no? If you post a photo of yourself to a public forum, you're intentionally exposing it to the entire world. And said collected photos would then be compared only to what? Other images of you collected in a similar public manner.

Meanwhile, nations like China are secretly collating vast amounts of non-public data about each and every one of us, using everything from database hacks to backdoors in social-media apps like Tik Tok. And no one breaths a word of complaint, out of fear of angering the mighty CCP.
 
Well according to Clearview's legal officer "“Clearview AI does not have a place of business in the Netherlands or the EU, it does not have any customers in the Netherlands or the EU" ; so it strikes me strange that the EU is trying to fine them; I am assuming they also lack any sort of bank accounts in the EU as well, so that Dutch Agency might as well be trying to get blood from a stone. And allowing countries to fine companies that have no business operations in said countries could easily cause all sorts of issues. For example, what if China passed a law saying that posting edited photographs of Chinese citizens on the internet is illegal, and started going after any site that had Xi Jinping dressed as Winnie the Pooh pictures posted?
 
I'm a little unclear on where the 'abuse' is here. Obviously you can criminalize anything by passing a law against it, but this firm was using publicly posted photographs, no? If you post a photo of yourself to a public forum, you're intentionally exposing it to the entire world. And said collected photos would then be compared only to what? Other images of you collected in a similar public manner.
Yeah this right here, what are they even protecting me from as well? Someone looking for an image of me that’s already publicly available from Facebook?

I guess the way they are selling it, instead of a shop or whatever, having to manually look for my face on Facebook to find my name, ClearAI can do it in seconds.

I would assume the real fear from governments is that they’re working (or already using) something similar to track people?
 
Yeah this right here, what are they even protecting me from as well? Someone looking for an image of me that’s already publicly available from Facebook?

I guess the way they are selling it, instead of a shop or whatever, having to manually look for my face on Facebook to find my name, ClearAI can do it in seconds.

I would assume the real fear from governments is that they’re working (or already using) something similar to track people?
Obviously because most people who put pictures of their faces up on sites quite rightly don't expect it to be used as a way of tracking/spying on them as they move through the world.
The sooner they go bust the better.
 
Obviously because most people who put pictures of their faces up on sites quite rightly don't expect it to be used as a way of tracking/spying on them...
Since when is someone "spying" on you by viewing photos you yourself post to the Internet?
 
Loads of shortsighted comments here.
It's good that authorities at least see the risks and take action. Especially against all these companies that just ignore anything they don't like (like X).

If you think a little bit further there are plenty of reasons to think of why these practices are bad for everyone. But even if none of that matters they should be dealt with for using data that is not theirs.

There should be a copy right like there already is for music and movies.
 
Loads of shortsighted comments here.
It's good that authorities at least see the risks
Cite the "risks" here and you might convince someone. Vague handwaving only goes so far.

There should be a copy right like there already is for music and movies.
Every photo you take is indeed copyrighted; which is why "stock photo" companies exist to resell images. For the reasons why copyrights doesn't forbid photo analysis like this, you need to know a little bit more about IP law and why it exists.
 
I'm a little unclear on where the 'abuse' is here. Obviously you can criminalize anything by passing a law against it, but this firm was using publicly posted photographs, no? If you post a photo of yourself to a public forum, you're intentionally exposing it to the entire world. And said collected photos would then be compared only to what? Other images of you collected in a similar public manner.

Meanwhile, nations like China are secretly collating vast amounts of non-public data about each and every one of us, using everything from database hacks to backdoors in social-media apps like Tik Tok. And no one breaths a word of complaint, out of fear of angering the mighty CCP.
Clearview AI created a surveillance system that exceeded what governments had at the time and sold it to anyone with money.

That level of creepy exposure did not exist when people started putting photos online.

Further, other people can post a picture of you online without your consent.

Now the people who profited from that can just let the corporate entity die, create a new one, and start again.
 
Clearview AI created a surveillance system that exceeded what governments had at the time and sold it to anyone with money.
This just isn't true at all. Clearview had no "surveillance system" whatsoever. They had a tool that allowed you to compare your OWN surveillance images to a database of publicly-available photos.

Further, other people can post a picture of you online without your consent.
You have evidence that this is happening on any sort of widespread basis? And even if true, it's an entirely separate issue. If someone illegally posts a copyright video clip to the Internet and you view it, are YOU at fault -- or the person who posted it?
 
Since when is someone "spying" on you by viewing photos you yourself post to the Internet?
The real use of this system is to identify people moving through cameras. The shots from the camera are compared via an API to Clearviews illegally obtained database so companies can automatically identify who went in their shops, to their ballgames, or other more sinister activities. This is spying. How can you condone this and not see how it will be abused?
 
Going after the directors personally may be the only way to reign in these abuses.

The problem of illegal activities crossing borders with the internet is a growing problem that shows no sign of slowing.
Naa.. Just make it sting more. Add a 0 to that fine and companies will be MUCH more careful.
 
The real use of this system is to identify people moving through cameras. The shots from the camera are compared [so] companies can automatically identify who went in their shops, to their ballgames, or other more sinister activities. This is spying.
No. You being viewed in a public venue by the venue owner is not "spying". If you walk into the corner market and the owner identifies you from your past visits there, is that "spying"? If he identifies you from your being seen at some other public place, are you being "spied upon"? If he's never seen you before personally, but recognizes your mug shot from a wanted poster at the post office, is that "spying"?

How can you condone this and not see how it will be abused?
Neither you nor anyone else has yet to explain even one viable scenario for such "abuse".
 
No. You being viewed in a public venue by the venue owner is not "spying". If you walk into the corner market and the owner identifies you from your past visits there, is that "spying"? If he identifies you from your being seen at some other public place, are you being "spied upon"? If he's never seen you before personally, but recognizes your mug shot from a wanted poster at the post office, is that "spying"?


Neither you nor anyone else has yet to explain even one viable scenario for such "abuse".
I can't be bothered to respond to you anymore your worldview is so jaundiced and you would argue black is blue, 1 + 1 = 3 and Donald Trump is sentient.
 
Naa.. Just make it sting more. Add a 0 to that fine and companies will be MUCH more careful.
Except in this case Clearview currently has no business operations in the Netherlands or the EU; adding more zeros to a fine that they can't expect to collect is not going to help much.

Of course the whole "going after the directors personally" post you were responding too is also a very problematic solution; to go after directors who live in America & presumably will not set foot in Europe after these fines would require them to be extradited to the EU; the idea of extraditing American citizens to foreign countries they may have never been too, for engaging in activities that are legal in the US, just doesn't sit right with me.
 
Back