Clearview AI fined by CNIL for illegal use of biometric data

The CNIL’s patience should not be abused. After a formal notice and several reminders, the privacy police imposed a fine of twenty million euros this week against the company Clearview AI.

At the end of 2021, theauthority had ordered the company to stop the massive and indiscriminate collection of photos on the Internet and to delete data concerning people on French territory, following complaints from individuals and an alert from the Privacy International association.

Refusal to comply

But, for lack of answers and satisfactory feedback, the restricted formation of the Cnil decided on Monday, October 17 to impose an administrative fine, accompanied by an injunction to delete all the personal data collected on French people.

Clearview AI specializes in facial recognition and artificial intelligence. Using this technology, the company scans all images freely accessible on the Internet, including social networks, in search of faces and then establishes a unique digital fingerprint of the latter based on their physical characteristics.

All this biometric data finally allows the company to market a search engine where customers can upload a photo and find all the matches in this giant database. “The company has thus collected more than twenty billion images worldwide”, notes the CNIL deliberationmade public on Thursday 20 October.

No legal basis

If Clearview presents its platform as “a research tool used by law enforcement to identify perpetrators and victims of crime” for example, the privacy police believe that it has no legal basis, even though the GDPR very strictly regulates the processing of such data, which is deemed to be sensitive.

Not to mention that this massive collection of photos on the web, and their analysis by the company’s software, is obviously not preceded by any collection of consent. The Cnil also accuses the company of having failed in its obligations in terms of the right of access and the right to erasure.

It should be noted that the deliberation of the authority underlines that Clearview obviously did not attempt to defend itself vigorously against what it was accused of. “The company did not submit any observations in defense”, can we read several times. The company had not bothered to respond to its formal notice or to the two reminders that were then sent to it.

It remains to be seen now whether the company will comply with the injunctions of the Cnil, which left Clearview two months, after which it will be subject to a penalty of 100,000 euros per day of delay. The French authority is not the only one to have considered the Clearview case. The American company has already been condemned to a fine of 8.85 million euros in the United Kingdom last May, then 20 million euros by the Greek Cnil this summer.

Selected for you

Critical materials, metaverse, mobility… what Brussels is preparing for 2023

We would like to say thanks to the writer of this write-up for this remarkable content

Clearview AI fined by CNIL for illegal use of biometric data

Find here our social media profiles as well as other pages related to it.