Clearview AI Fined $33.7 Million by Watchdog over 'Illegal Database' of Faces

The company built a database and insufficiently informed people whose images appeared in the database.

Hoan Ton-That, CEO of Clearview AI, demonstrates the company's facial recognition software using a photo of himself.
Hoan Ton-That, CEO of Clearview AI, demonstrates the company's facial recognition software using a photo of himself.
AP Photo/Seth Wenig

The Dutch data protection watchdog on Tuesday issued facial recognition startup Clearview AI with a fine of 30.5 million euros ($33.7 million) over its creation of what the agency called an “illegal database” of billion of photos of faces.

The Netherlands' Data Protection Agency, or DPA, also warned Dutch companies that using Clearview's services is also banned.

The data agency said that New York-based Clearview “has not objected to this decision and is therefore unable to appeal against the fine.”

But in a statement emailed to The Associated Press, Clearview's chief legal officer, Jack Mulcaire, said that the decision is "unlawful, devoid of due process and is unenforceable.”

The Dutch agency said that building the database and insufficiently informing people whose images appear in the database amounted to serious breaches of the European Union's General Data Protection Regulation, or GDPR.

“Facial recognition is a highly intrusive technology, that you cannot simply unleash on anyone in the world,” DPA chairman Aleid Wolfsen said in a statement.

“If there is a photo of you on the Internet — and doesn’t that apply to all of us? — then you can end up in the database of Clearview and be tracked. This is not a doom scenario from a scary film. Nor is it something that could only be done in China,” he said.

DPA said that if Clearview doesn't halt the breaches of the regulation, it faces noncompliance penalties of up to 5.1 million euros ($5.6 million) on top of the fine.

Mulcaire said in his statement that Clearview doesn't fall under EU data protection regulations.

“Clearview AI does not have a place of business in the Netherlands or the EU, it does not have any customers in the Netherlands or the EU, and does not undertake any activities that would otherwise mean it is subject to the GDPR," he said.

In June, Clearview reached a settlement in an Illinois lawsuit alleging its massive photographic collection of faces violated the subjects’ privacy rights, a deal that attorneys estimate could be worth more than $50 million. Clearview didn't admit any liability as part of the settlement agreement.

The case in Illinois consolidated lawsuits from around the U.S. filed against Clearview, which pulled photos from social media and elsewhere on the internet to create a database that it sold to businesses, individuals and government entities.

More in Cybersecurity