HDPA fined the company 20 million euros (US $ 19.9 million) – a record in the country – for illegally processing biometric data from Greek citizens. The enforcement action also included a ban on Clearview AI’s collection of personal data from registered persons in Greece and demanded that it delete all data it has already collected from the country’s residents.
The decision (in Greek) against Clearview AI from HDPA follows similar actions in Italy and the UK earlier this year. In February, Italy’s data protection authority, Garante, fined the company € 20 million (then $ 22 million) for illegally processing Italian citizens’ data, while the UK’s Information Commissioner’s office in May announced a fine of more than £ 7.5 million (then $ 9 million). , USD 4 million) concerning the same practice on British nationals. In each case, Clearview AI replied that it does not conduct business in the EU and is not subject to the GDPR.
The company’s response to the HDPA fine set a similar tone.
“Clearview AI does not have a business location in Greece or the EU, it has no customers in Greece or the EU, its product has never been used in Greece and does not undertake any activities that would otherwise mean that it is subject to the GDPR,” said the CEO. Director Hoan Ton-That in an email.
US-based Clearview AI’s app allows users to upload an image of a person’s face and match it with images of that person’s face collected from the Internet. It then links to where the images appeared. The system is reported to include a database of more than 20 billion images that Clearview AI claims to have taken from various social media platforms and other sites where the information is publicly available.
EU data protection authorities claim that images belonging to their residents are among this database and available to customers in other countries. Therefore, their personal data is collected and sold without their knowledge or consent.
Throughout the European Union, human rights organizations have worked together to lodge complaints about Clearview AI with relevant regulators. In Greece, Homo Digitalis issued a statement on the action of the HDPA.
“The € 20 million fine imposed by DPA today is another strong signal against intrusive business models for companies seeking to make money through the illegal processing of personal data,” the group said. “At the same time, it sends a clear message to law enforcement agencies working with companies of this kind that such practices are illegal and grossly violate the rights of data subjects.”
Clearview AI may still be subject to further financial sanctions in the EU. In December, the French data protection authority ordered the company to stop collecting and using data from persons on French territory and also warned of the possibility of a fine.