Clearview AI, the controversial facial recognition firm, has been hit with another fine in Europe. Clearview AI scrapes selfies and other personal information off the Internet without consent to feed it into an AI-powered identity-matching service that the comany sells to law enforcement and other organizations.
This fine comes after Clearview AI failed to respond to an order from the CNIL last year, France’s privacy watchdog, to stop its unlawful processing of citizens’ information and delete their data.
Clearview AI responded to that order by ghosting the regulator, thereby adding a third GDPR breach for its non-cooperation with the regulator to its earlier tally. Italy’s privacy watchdog fined Clearview AI €20 million in March for breaches.
Here’s the CNIL’s summary of Clearview’s breaches:
- Articles 17, 15, and 12 of the GDPR: Individuals’ rights not respected.
- Breach of Article 6 of the GDPR: Unlawful processing of the personal data.
- Article 31 of the GDPR: Lack of cooperation with the CNIL.
According to CNIL, Clearview AI had been given two months to comply with the formal notice’s injunctions and justify them to CNIL. However, it did not render any response to this formal notice.
As a result, the chair of the CNIL made the decscision to refer the matter to the restricted committee that is in-charge of issuing sanctions. Based on the information brought to its attention, the restricted committee imposed a maximum 20 million euros financial penalty, according to the article 83 of the General Data Protection Regulation (GDPR).