The Netherlands
Clearview AI Inc.
GDPR enforcement action by Dutch Supervisory Authority for Data Protection (AP) on 2024-05-16.
Case details
- Authority
- Dutch Supervisory Authority for Data Protection (AP)
- Date
- 2024-05-16
- Controller / Processor
- Clearview AI Inc.
- Sector
- Industry and Commerce
- Quoted Articles
- Art. 5 (1) a) GDPR, Art. 6 (1) GDPR, Art. 9 (1) GDPR, Art. 12 (1), (2) GDPR, Art. 14 (1), (2) GDPR, Art. 27 (1) GDPR
- Type of violation
- Non-compliance with general data processing principles
Summary
The Dutch DPA has fined Clearview Al Inc. EUR 30,500,000. Clearview, a company offering facial recognition services, holds a database of over 30 billion images, including those of Dutch citizens. These images are scraped from publicly available online platforms, such as social media. Clearview uses these images to create biometric profiles, allowing individuals to be identified.
During its investigation the DPA found that the personal data contained in the company's database had been processed unlawfully and without a valid legal basis. Furthermore the company violated the principle of transparency by failing to adequately inform data subjects about the processing of their data. Additionally, the company did not respond to two access requests from data subjects. The company also failed to facilitate the right of access of data subjects located within the territory of the Netherlands. Lastly, the company had not appointed a representative within the European Union as required under the GDPR.
Related fines