ITInsufficient Legal BasisTechnologyDecision: 2022-03-09

Clearview AI

€20.0M

Issued by Garante per la Protezione dei Dati Personali on 2022-03-09

What happened

Italy's Garante fined Clearview AI €20 million for scraping billions of facial images from social media and the internet without any legal basis or consent. Clearview AI had no EU representative, failed to inform data subjects about processing, and did not comply with data subject access requests. The biometric data was processed without meeting the conditions for special category data under Art. 9.

Articles violated

Art. 5(1)(a) GDPRArt. 5(1)(b) GDPRArt. 5(1)(e) GDPRArt. 6 GDPRArt. 9 GDPRArt. 14 GDPRArt. 15 GDPRArt. 27 GDPR

Lessons learned

Scraping publicly available images does not create a legal basis for biometric processing. Companies processing EU citizens' data must appoint an EU representative. Biometric data is special category data requiring explicit consent or another Art. 9 exemption. Mass surveillance technologies face heightened scrutiny under GDPR.

Source

View original decision

Disclaimer: This summary is for informational purposes only and does not constitute legal advice. Refer to the original decision for complete details.

Get enforcement alerts for Technology

We track GDPR fines across Europe. Enter your email to get notified about new enforcement actions.

Related enforcement actions

IE€345.0M

TikTok

Data Protection Commission (DPC) · Data Subject Rights

Read case

FR€40.0M

Criteo SA

Commission Nationale de l'Informatique et des Libertés (CNIL) · Consent Violation

Read case

SE€5.0M

Spotify AB

Integritetsskyddsmyndigheten (IMY) · Data Subject Rights

Read case