Clearview AI fined €20M for collecting Italians’ biometric data

The Italian privacy guarantor (GPDP) has imposed a fine of €20,000,000 on Clearview AI for implementing a biometric monitoring network in Italy without acquiring people’s consent.

This decision resulted from a proceeding that launched in February 2021, following relevant complaints about GDPR violations that stemmed directly from Clearview’s operations.

More specifically, the investigation revealed that the American facial recognition software company maintains a database of 10 billion images of people’s faces, including Italians, who had their faces extracted from public website profiles and online videos.

Without ever acquiring those people’s consent or informing them about the scraping of their biometric data, Clearview AI offered its clients a search service that employed artificial intelligence to match faces with identities and online activity.

The guarantor’s investigation revealed that Clearview AI also possessed illegally processed geolocation data, which violates basic principles of the GDPR (General Data Protection Regulation).

“In light of the violations found, the Guarantor imposed an administrative fine of 20 million euros on Clearview AI,” reads the GPDP announcement (link for non-EU readers).

“The Authority also ordered the company to delete data relating to people who are in Italy and prohibited further collection and processing through its facial recognition system.”

Clearview’s defense against this investigation was that testing to support a roll-out of its service in the Italian market had already been concluded by March 2020.

Additionally, following the complaints received by other EU-based data protection authorities, the firm blocked trial access to its software from European IP addresses.

Finally, Clearview AI attempted to distinguish between biometric data scraping and person monitoring, as they denied using behavioral analysis or any profiling techniques.

As it becomes evident from the announcement, the GPDP rejected these arguments, and the investigation still confirmed violations relevant to data privacy laws.

It is worth noting that during the EU Parliament discussions in 2021 over the upcoming ‘Artificial Intelligence Act,’ Clearview AI was explicitly mentioned as an example of a biometric mass surveillance implementation to avoid.

Bleeping Computer has reached out to Clearview AI for a comment on the fine imposed by the Italian regulator, and its CEO, Hoan Ton-That has told us the following:

Clearview AI does not have a place of business in Italy or the EU, it does not have any customers in Italy or the EU, and does not undertake any activities that would otherwise mean it is subject to the GDPR.

I grew up in Australia and have long viewed Italy as a world center of art and design. I have deep respect for the country and its people. I created the consequential facial recognition technology known the world over with the purpose of helping to make communities safer and assisting law enforcement in solving heinous crimes against children, seniors and other victims of unscrupulous acts.

We only collect public data from the open internet and comply with all standards of privacy and law. I am heartbroken by the misinterpretation by some in Italy, where we do no business, of Clearview AI’s technology to society. My intentions and those of my company have always been to help communities and their people to live better, safer lives.