The Italian privacy guarantor (Garante per la protezione dei dati personali, or GPDP) has fined Clearview AI €20,000,000 (US$22 million) on the basis that the company implemented a biometric monitoring network in the country without acquiring people’s consent.
The GPDP investigation was initially prompted by complaints by unnamed individuals that Clearview AI was collecting individuals’ data, including biometric and geolocation information, without an appropriate legal basis.
Clearview’s defense against the probe was that the company was conducting testing to support a rollout of its service in the Italian market that had already been concluded by March 2020.
Clearview AI also tried to distinguish between biometric data scraping and person monitoring, and they denied using behavioral analysis or any profiling techniques.
The GPDP rejected these arguments, however, and the ruling that followed established that the company infringed several fundamental principles of the EU’s GDPR including transparency, purpose limitation and storage limitation.
Together with the hefty fine, Clearview AI was also ordered to erase the data collected from individuals in Italy and banned the company from further collection and processing of the data through the company’s facial recognition system.
Finally, the GPDP urged Clearview AI to designate a representative in the EU to facilitate the exercise of data-related legal matters in future.
In response to these measures, the company blocked trial access to its software from European IP addresses.
Clearview CEO Hoan Ton-That writes in a response that the company has no footprint or customers in the country or even in the EU, that it is therefore not subject to GDPR, and that he is “heartbroken by the misinterpretation by some in Italy” of the company’s technology.
This is not the first time Clearview AI comes under scrutiny for alleged violations of privacy laws. Just a few weeks ago, the company’s technology was cited as a “particularly dangerous” example of facial recognition by a group of U.S. Democrat Senators and Representatives.
Hungary fines service provider
The National Authority for Data Protection and Freedom of Information (NAIH) of Hungary has declared a municipal CCTV system with facial recognition, CMS Law-Now writes.
The 39-camera system was deployed under a joint-controllership agreement that lacked data security protections, according to the NAIH, which also ruled the deployment did not satisfy the necessity and proportionality requirements under the law. In addition to declaring the system illegal, the NAIH has fined the technical service provider HUF 500,000 (approximately US$1,400).
The municipality had argued that the deployment along a thoroughfare crowded with nightclubs and experiencing an elevated crime rate was necessary to identify criminals.