Clearview AI
Issued by Commission Nationale de l'Informatique et des Libertés (CNIL) on 2022-10-17
What happened
The CNIL fined Clearview AI €20 million for collecting and processing biometric data of French citizens without a legal basis. Clearview AI scraped billions of photographs from the internet to build a facial recognition database used by law enforcement and private companies. The CNIL found that Clearview had no legal basis for collecting and processing this biometric data, failed to inform individuals about the processing, and did not respect data subjects' rights of access and erasure. The company was also ordered to stop collecting and using data of people in France and to delete all data already collected within two months. This decision followed similar findings by the Italian Garante and other EU DPAs.
Articles violated
Lessons learned
Scraping publicly available images does not constitute consent for biometric processing. Facial recognition technology faces extreme scrutiny under GDPR, particularly when used without individuals' knowledge. Multiple DPAs can independently pursue the same company for the same practices — fines accumulate across jurisdictions. Companies processing biometric data must meet the heightened requirements of Art. 9 for special category data.
Source
View original decisionDisclaimer: This summary is for informational purposes only and does not constitute legal advice. Refer to the original decision for complete details.
Get enforcement alerts for Technology
We track GDPR fines across Europe. Enter your email to get notified about new enforcement actions.