Details:
| Summary | The Italian DPA has fined U.S.-based Clearview AI EUR 20 million after it was revealed that the company had been applying biometric surveillance techniques on Italian territory.
The company owns a database of over 10 billion facial images from around the world. The company offers a search service that allows profiles to be created based on the biometric data extracted from the images. The profiles can be enriched with information associated with these images, such as image tags and geolocation. The DPA launched an investigation into the company after it became known that Clearview – contrary to initial claims – also enabled searches of Italian nationals and residents. The DPA found that the personal data contained in the company’s database had been processed unlawfully and without a valid legal basis. For example, the company had violated the principle of transparency by failing to adequately inform users about the processing of their data. Clearview had also violated the principle of purpose limitation, by processing users’ data for purposes other than those for which they had been made available online. Finally, it violated the principle of storage limitation by not specifying a time period for data storage. |
| Link: | link link |
| Related articles: | Art. 5 (1) a), b), e) GDPR, Art. 6 GDPR, Art. 9 GDPR, Art. 12 GDPR, Art. 13 GDPR, Art. 14 GDPR, Art. 15 GDPR, Art. 27 GDPR |
| Type: | Non-compliance with general data processing principles |
| Fine: | EUR 20,000,000 |
| Sector | Industry and Commerce |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/