![]() ![]() ![]() Two breaches of the GDPRįrance’s CNIL found that Clearview committed two breaches of the GDPR - violating Article 6 (the lawfulness of processing) by collecting and using biometric data without a legal basis and breaching a variety of data access rights set out out in Articles 12, 15 and 17. This year Clearview’s service has already been ruled in breach of privacy rules in Canada, Australia and the UK (which, post-Brexit, sits outside the EU but retains the GDPR in national law for now) - where it’s facing a possible fine and was also ordered to delete user data last month. So while the CNIL’s order only applies to data it holds on people from French territories - which the CNIL estimates covers “several” tens of millions of Internet users - more such orders are likely from other EU agencies. The US company does not have an established base in the EU - meaning its business is open to regulatory action across the EU, by any of the bloc’s data protection supervisors. The watchdog is acting on complaints against Clearview received since May 2020. In an announcement of the breach finding, the CNIL also gives Clearview formal notice to stop its “unlawful processing” and says it must delete user data within two months. ![]() The French DPA in December ordered the company to cease the collection and use of data of persons in French territory, also warning of the potential for a fine.Controversial facial recognition company, Clearview AI, which has amassed a database of some 10 billion images by scraping selfies off the Internet so it can sell an identity-matching service to law enforcement, has been hit with another order to delete people’s data.įrance’s privacy watchdog said today that Clearview has breached Europe’s General Data Protection Regulation (GDPR). “At the same time, it sends a clear message to law enforcement authorities working with companies of this kind that such practices are illegal and grossly violate the rights of data subjects.”Ĭlearview AI might still face further financial penalties in the European Union. “The €20 million fine imposed by the DPA today is another strong signal against intrusive business models of companies that seek to make money through the illegal processing of personal data,” the group said. In Greece, Homo Digitalis issued a statement on the HDPA’s action. Throughout the European Union, human rights organizations have worked together to bring forward complaints against Clearview AI to relevant regulators. Therefore, their personal data is being collected and sold without their knowledge or consent. The EU DPAs contend images belonging to their residents are among that database and accessible to customers in other countries. The system is reported to include a database of more than 20 billion images that Clearview AI claims to have taken from various social media platforms and other websites where the information is publicly available. It then links to where the photos appeared. U.S.-based Clearview AI’s app allows users to upload an image of an individual’s face and match it to photos of that person’s face collected from the internet. “Clearview AI does not have a place of business in Greece or the EU, it does not have any customers in Greece or the EU, its product has never been used in Greece, and does not undertake any activities that would otherwise mean it is subject to the GDPR,” said Chief Executive Hoan Ton-That in an emailed statement. The company’s response to the HDPA fine struck a similar tone. In each case, Clearview AI responded it does not do business in the European Union and is not subject to the GDPR. $9.4 million) regarding the same practices on U.K. $22 million) for unlawfully processing the data of Italian citizens, while the U.K.’s Information Commissioner’s Office in May announced a penalty of more than 7.5 million pounds (then-U.S. In February, Italy’s DPA, Garante, fined the company €20 million (then-U.S. The decision (in Greek) against Clearview AI by the HDPA follows similar actions in Italy and the United Kingdom earlier this year. The enforcement action also included a ban on Clearview AI’s collection of personal data from data subjects in Greece and required it to delete any data it has already collected from the country’s residents. $19.9 million)-a record in the country-for unlawfully processing the biometric data of Greek citizens. The HDPA fined the company 20 million euros (U.S. July 13: Human rights compliance management. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |