Last December, the CNIL announced that it was giving Clearview AI formal notice to cease its activity, which consists of creating a database from videos and photos publicly accessible on the Internet.
Now, in a similar vein, the Italian regulator has fined the company €20 million for breaching the European General Data Protection Regulation (GDPR).
A controversial tool for law enforcement
Clearview AI is a controversial company. It collects photos and videos of faces publicly available on the Internet to create a database. This database is then handed over to the police, with the aim of identifying people who have committed crimes. In January 2021, after the storming of the US Capitol, Clearview AI had seen a marked increase in the use of its service.
Problem: according to the investigation of the Garante per la protezione dei dati personali (GPDP, the Italian equivalent of our CNIL), the data collected by Clearview AI ” are processed unlawfully, without adequate legal basis “.
In other words, its activity goes against the GDPR. Among the violations noted, the GPDP cites:
- A breach of the obligation of transparency, because the sign did not sufficiently inform people of the use of their images;
- A breach of purpose, the purpose being other than that for which the images were initially posted;
- A breach of data retention with no storage limit.
ClearView AI soon to be restricted?
The investigation was launched following complaints and reports », according to the terms of the GPDP. The body adds that in addition to the data breach, the company was also actively tracking Italian citizens and others present in Italy.
The regulator therefore imposed a fine of 20 million euros on the company and ordered it to delete all the data it holds on Italians, in addition to prohibiting it from any further processing of facial recognition in the country. . The decision is ironic: only a few weeks ago, Clearview AI announced during a presentation that it would be able, within a year, to identify practically anyone. Right now, its database is said to include 10 billion faces.
The CEO of the company, Hoan Ton-That, denies violating the regulations and declares: ” We only collect public data from the internet and follow all privacy and legal standards. I’m disappointed with this misinterpretation in Italy, where Clearview AI technology is not doing business. »
The CNIL having granted a period of two months for the deletion of the data, the Italian sanction becomes the most severe against Clearview AI. In November, Britain’s Information Commissioner’s Office (ICO) warned of a possible fine.
The issue of payment of the fine could, however, become a problem. For it to be possible, the US company Clearview AI must have a representative in the EU, another legal requirement that the company has not met. As noted TechCrunch, for lack of a representative, the regulators could send the fine to the brand’s customers. In other words, law enforcement.
On the same subject :
Facial recognition: Clearview AI says it can identify almost everyone within a year
Source: TechCrunch
2