Clearview AI fined by the Italian SA after various GDPR violations, and ordered to remove data and appoint an EU representative.

The company Clearview AI, has been fined by yet another EU watchdog, according to this report from the EDPB. The Italian SA has also ordered the company to delete the data of Italians from its database. The company has built its database of approximately 10 billion faces from pictures scraped across the internet. The Italian SA, Garante launched an investigation after a report on several issues regarding facial recognition products which were offered by the Clearview AI Inc.The investigation revealed several issues. As a result, the Italian SA imposed a fine amounting to EUR 20 million, ordered a ban on any further collection and processing, ordered the erasure of the data, including biometric data, processed by Clearview’s facial recognition system with regard to persons in the Italian territory and also ordered the company to designate a representative in the EU.

The investigation by the Italian SA uncovered several infringement by Clearview AI Inc. 

The Italian SA’s inquiries were spurred following complaints and alerts and found that Clearview AI allows tracking Italian nationals and persons located in Italy. The inquiries and assessment by the Italian SA found several infringements by Clearview AI Inc. The personal data held by the company were processed unlawfully without an appropriate legal basis. This includes biometric and geolocation information.  In addition, the company violated several principles of the GDPR, including transparency, purpose limitation, and storage limitation. Clearview AI neglected to provide the information required by Articles 13-14 of the GDPR when personal data is collected from data subjects. Additionally, the company failed to designate a representative in the EU.

Clearview AI was fined €20 million and ordered to remove all Italian user data. 

The Italian DP imposed a fine of €20 million on the company. In addition, Garante imposed a ban on any further collection, by web scraping techniques, of images and the relevant metadata of persons in the Italian territory.  A ban was also imposed on further processing of the standard and biometric data that are handled by the Company via its facial recognition system concerning persons in the Italian territory. The Authority also ordered the erasure of all data, including biometric data, processed by its facial recognition system with regard to persons in the Italian territory. The company is also required to designate a representative in the territory of the European Union, as ordered by Garante. 

Does your company have all of the mandated safeguards in place to ensure the safety of the personal data you collect or process? Aphaia can help. Aphaia also provides both GDPR and Data Protection Act 2018 consultancy services, including data protection impact assessments, and Data Protection Officer outsourcing. We can help your company get on track towards full compliance. Contact us today.