The Dutch Data Protection Authority (DPA) fined Clearview AI €30.5 million for illegally creating a database with more than 30 billion photos, Euractiv reported.
Clearview AI, a US firm that provides facial recognition services to intelligence agencies and law enforcement agencies, created an illegal database of more than 30 billion people’s facial photos without their consent, violating the General Data Protection Regulation (GDPR), according to the report.
Authorities warned against using the company’s services, which they said were prohibited. However, Clearview did not stop its violations even after the investigation began. If the AI company continues to operate, it could face additional fines of up to 5.1 million euros.
For its part, Clearview claimed the decision was “unlawful, devoid of due process and is unenforceable.”
The Dutch authority is also “investigating if the directors of the company can be held personally responsible for the violations” as the company has not changed its practices despite previous fines from other authorities.
In March, Ukraine’s Defence Ministry began using Clearview AI facial recognition technology after the company offered to uncover Russian assailants, fight disinformation, and identify the dead.
Big Brother is watching you
The DPA said that the photos in the database were automatically retrieved from the Internet and converted into unique biometric codes for each individual without the knowledge or consent of the people involved. Dutch DPA Chairman Aleid Wolfsen stated:
If there is a photo of you on the Internet – and does it not apply to all of us? – then you can end up in the database of Clearview and be tracked. This is not a doom scenario from a scary film. Nor is it something that could only be done in China.
The DPA is particularly concerned about people’s unique facial biometric codes, which it said act like fingerprints. The collection and use of such biometric data are prohibited, although there are some exceptions to which Clearview does not apply, the body stated.
Clearview also does not honour requests from individuals to access their data as required by the GDPR, the Dutch data watchdog said. Despite the investigation and previous fines from other authorities, Clearview, a US company without a European office, continued to violate data protection rules.
The AI Act prohibits and restricts certain uses of biometric identification, including the use of such technologies in real time in public places by law enforcement agencies. In January, the European Court of Justice ruled that law enforcement agencies could not store biometric and genetic data of convicts indefinitely.
In November, it emerged that the French National Police had been illegally using Israeli facial recognition software Briefcam since 2015.