Facial recognition company Clearview AI faces €20 million fine in Italy over GDPR breach

American facial recognition company Clearview AI was imposed a fine of EUR 20 million, or about Rs 168 crore, by the Italian data privacy watchdog. The fine is the latest order that the company has faced from European data privacy regulators, after France, in December 2021, held the company to be in violation of Europe’s General Data Protection Regulation (GDPR) law.

According to a report by news agency AFP, the Italian data privacy regulator stated that it took actions basis “complaints and reports” that it received. The body’s statement, issued in a press release, read, “The findings revealed that the personal data held by the company, including biometric and geolocation data, are processed illegally, without an adequate legal basis, which certainly cannot be the legitimate interest of the American company.”

Clearview AI has faced multiple controversies and orders around the world, with numerous bodies calling its collection and storage of personal data, and subsequently offering it as a facial recognition tool to law enforcement companies, to be unlawful. The company has previously stated that it has approximately 10 billion facial images scraped from social media and other internet libraries – taken without any explicit consent from any party.

Objecting to this data collection, the Italian body further added, “Clearview AI’s activity therefore violates the freedoms of the data subjects, including the protection of confidentiality and the right not to be discriminated against.”

Alongside imposing the fine on Clearview AI, Italy has also ordered the company to delete any data that it possesses belonging to Italian citizens.

Earlier, in December 2021, the French data protection regulator, Commission Nationale Informatique & Libertes (CNIL), had held Clearview AI in violation of two particular articles of the GDPR linked to the lawfulness of processing personal data, and the ways of accessing and storing the personal data in question.

According to TechCrunch, in response to Italy’s order, Clearview AI’s founder Hoan Ton-That said, “Clearview AI does not have a place of business in Italy or the EU, it does not have any customers in Italy or the EU, and does not undertake any activities that would otherwise mean it is subject to the GDPR.”

Ton-That further added, “We only collect public data from the open internet and comply with all standards of privacy and law. I am heartbroken by the misinterpretation by some in Italy, where we do no business, of Clearview AI’s technology to society. My intentions and those of my company have always been to help communities and their people to live better, safer lives.”

Going by precedent, European data regulators have so far said that even though Clearview AI does not have a centre of business on European soil, it is still liable to act as per GDPR laws when it comes to processing data belonging to Europeans.