Stick a fork in it: Clearview AI was already on the verge of bankruptcy after having to fork over 23 percent of its equity to class action plaintiffs because it didn't have the funds to pay in cash. That stake was worth about $50 million. Now, regulators in the Netherlands have levied a multimillion-dollar fine for violating the GDPR.
The Dutch Data Protection Authority (DPA) has fined troubled facial recognition company Clearview AI 30.5 million euros ($33.6 million US) for violating Europe's General Data Protection Regulation (GDPR). The DPA says that Clearview's database, containing over 40 billion images, is illegal under European law.
"Facial recognition is a highly intrusive technology that you cannot simply unleash on anyone in the world," Dutch DPA Chairman Aleid Wolfsen said. "If there is a photo of you on the internet – and doesn't that apply to all of us? – then you can end up in the database of Clearview and be tracked. This is not a doom scenario from a scary film. Nor is it something that could only be done in China."
The DPA says that scraping the internet for images of Dutch citizens without their consent violates the GDPR rules. Furthermore, the Authority warns that it will also fine businesses and government institutions found using Clearview AI's database.
The Netherlands privacy watchdog mandated that Clearview cease all violations of the GDPR or face an additional non-compliance fine of €5.1 million ($5.6 million). It appears that this incremental fine is inevitable since, thus far, Clearview has completely ignored Dutch authorities. It has not even responded to the initial charge, an inaction that voids its right to appeal.
The American-based company thinks that since it has no international offices, it can sell its services overseas without complying with international law. The DPA contends that it will not tolerate this attitude and is looking into avenues of enforcement, including holding Clearview management personally liable.
"Such company cannot continue to violate the rights of Europeans and get away with it [sic]," Wolfsen declared. "Certainly not in this serious manner and on this massive scale. We are now going to investigate if we can hold the management of the company personally liable and fine them for directing those violations. "
The DPA admits that facial recognition can be a valuable tool for apprehending criminals, but it requires oversight to do that properly. Oversight is more challenging to enforce against private companies than government agencies, and Clearview has never been transparent or cooperative with regulators.
The Netherlands is not the only country that has disputed Clearview's practices. When news that the company indiscriminately scraped the internet for images of people's faces, all major social media sites sent cease and desist letters. Clearview co-founder and CEO Hoan Ton-That ignored these demands, insisting that the First Amendment protected his company's methods.
Scrutiny was heightened when a hacker infiltrated company servers and stole data, including Clearview's entire client list. Eventually, several states sued the company for privacy violations. Clearview recently settled the class action for a 23-percent company equity stake, equating to about $50 million or roughly 30 cents per plaintiff.
The US Congress also floated a proposed bill called the Fourth Amendment Is Not For Sale Act. The bill is still working its way through Capital Hill, most recently landing for consideration in the Senate in April. The measure should pass since it was introduced to the House of Representatives by the Senate in 2020.
Multiple countries have also taken legal action against Clearview AI, including Australia, Austria, France, Greece, Italy, and the UK. Between levied fines, legal expenses, and settlement expenditures, the firm is on the verge of bankruptcy. The fact that it has stayed in business under such circumstances demonstrates the value of wholesale consumer data.