DPA acts on our tip about illegal facial recognition database
- 04 september 2024
Great news! The Dutch Data Protection Authority (DPA) is fining Clearview AI 30.5 million euros. In april of last year, we filed a tip with the DPA on this illegal facial recognition database.
Severe violations of European privacy law
The American company is violating the European General Data Protection Regulation (GDPR) on several levels by scraping huge amounts of people's faces that are on the internet, like a giant vacuum cleaner. Clearview does this without having a legal foundation for doing so. They are also charged with processing biometric data by using facial recognition technology, which is in principle prohibited under the law. In addition, they do not adequately inform data subjects and do not properly respond to requests for access.
Bits of Freedom has been concerned about this for years. Policy advisor Lotte Houwing filed a request for access with Clearview AI and found out that she too was included in the illegal database. Suspicion also arose that the police was using Clearview AI. For example, an article by BuzzfeedRead the Buzzfeed-article revealed that the Dutch police would have made between 51 and 100 searches in the program. We shared this information with the DPA and asked them to scrutinize and enforce clearview.
Through scraping, this company collects huge amounts of faces that are on the internet.
An important signal to Clearview as well as other illegal facial recognition databases
These large-scale and serious privacy violations needed to end quickly as far as we were concerned. Therefore, we filed a tip to the DPA asking it to scrutinize Clearview AI and enforce if the GDPR was indeed violated. Lotte also shared her inspection request with the regulator. We are therefore very pleased that the DPA has acted on this and now imposed this fine on Clearview AI.
This sends an important signal to Clearview AI and to organizations that use Clearview AI, including presumably the Dutch police. Processing our biometric data is illegal and it is ridiculous that companies earn money from databases in which our faces are recognized. It is also beyond explanation that the police, whose job it is to enforce the law, are themselves breaking the law by using illegal databases. We hope that this decision by the DPA will encourage other companies that use biometric data in violation of the law to stop doing so immediately.