Clearview AI has been hit with its largest fine yet under Europe’s General Data Protection Regulation (GDPR) by a Dutch regulator. The Dutch Data Protection Authority, or Dutch DPA, announced a fine of 30.5 million euros, or about $33.7 million.
Dutch regulator slaps Clearview AI with $33 million fine and threatens executive liability
The Dutch Data Protection Authority is considering whether Clearview’s directors can be held personally responsible.
The Dutch Data Protection Authority is considering whether Clearview’s directors can be held personally responsible.
Illustration: Alex Castro / The Verge
is a senior policy reporter at The Verge, covering the intersection of Silicon Valley and Capitol Hill. She spent 5 years covering tech policy at CNBC, writing about antitrust, privacy, and content moderation reform.
The American facial recognition company, which built a database of images scraped from social media platforms, has been the target of regulators around the world for alleged privacy violations. It’s previously faced fines from the UK, Australia, France, and Italy and been forced to delete data on those countries’ residents.
The Dutch DPA accused Clearview of creating an illegal database with “unique biometric codes” linked to the photos it collected. It also allegedly failed to give people whose faces were in the database sufficient information about how their image and biometric data are used. The company also allegedly continued to violate the law after the Dutch authorities began investigating it, which the Dutch DPA said could lead to an additional fine of up to 5.1 million euros.
Given that Clearview has not changed its behavior after other fines, according to the Dutch DPA, the regulator said in a press release that it “is looking for ways to make sure that Clearview stops the violations.” Dutch DPA chair Aleid Wolfsen said in a statement that company directors could be held personally liable if they knew of the GDPR violations and could have stopped them but chose not to.
The Dutch DPA said Clearview can’t appeal the fine because it hasn’t objected to the decision. But Clearview says it’s not enforceable. In a statement, Clearview’s chief legal officer, Jack Mulcaire, said that the company “does not have a place of business in the Netherlands or the EU, it does not have any customers in the Netherlands or the EU, and does not undertake any activities that would otherwise mean it is subject to the GDPR.” Mulcaire said that the decision is “unlawful, devoid of due process and is unenforceable.”
Follow topics and authors from this story to see more like this in your personalized homepage feed and to receive email updates.
