Clearview’s World Tour Continues With A $21 Million Fine From The Italian Government
from the let-the-bleeding-continue! dept
Clearview AI has been disinvited from yet another country. This unrolling of the unwelcome mat also includes a hefty exit fee. (h/t Michael Vario)
The Italian privacy guarantor (GPDP) has imposed a fine of €20,000,000 on Clearview AI for implementing a biometric monitoring network in Italy without acquiring people’s consent.
This decision resulted from a proceeding that launched in February 2021, following relevant complaints about GDPR violations that stemmed directly from Clearview’s operations.
More specifically, the investigation revealed that the American facial recognition software company maintains a database of 10 billion images of people’s faces, including Italians, who had their faces extracted from public website profiles and online videos.
Since Clearview’s exposure by Kashmir Hill for the New York Times, the facial recognition company and its ever-swelling database of scraped facial images and personal data have been heavily scrutinized. It has been sued by US state governments for violations of local privacy laws.
Elsewhere in the world, where privacy protection laws are far more stringent, it has been expelled and fined. The Canadian government ejected Clearview, finding its web-scraping practices to be illegal. Not the web-scraping itself, but the fact that the company compiled massive amounts of personal data without the consent of the millions of users whose data was scraped from social media platforms and websites.
The same conclusions have been reached in the UK, Australia, and France. More European nations are sure to follow suit, given that scraping personal info from third parties is an act that obviously occurs without the consent of users of third party platforms and sites and that this retention of geolocation data violates the GDPR. The UK government levied a $23 million fine against Clearview, in addition to demanding UK residents’ data be removed from Clearview’s massive database.
Clearview’s statement to Bleeping Computer is nonsensical. Its claims of innocence are undone by its actual business practices.
Clearview AI does not have a place of business in Italy or the EU, it does not have any customers in Italy or the EU, and does not undertake any activities that would otherwise mean it is subject to the GDPR.
Wrong. The scraping of personal data and images from sites that do “undertake activities… subject to the GDPR” makes it subject to these laws. If it had these sites’ permission to scrape data, that would put the onus on the sites and potentially make them liable for GDPR violations. But Clearview does this without permission, so while it may not have any physical locations or data centers in Europe, its actions can still be considered violations of law because of where this data is collected.
Claiming it’s not subject to foreign laws makes zero sense given how it compiles the data it sells to its customers. It’s like embezzling from a European company but claiming no foreign laws were broken because you performed this act while sitting at a desk in Manhattan.
The tail end of CEO Hoan Ton-That’s statement is no less stupid. After some left-handed compliment to the nation of Italy as the world leader in artistic expression, he insists scraping the web and collecting personal data without the consent of millions of Europeans does not violate European data privacy laws.
We only collect public data from the open internet and comply with all standards of privacy and law. I am heartbroken by the misinterpretation by some in Italy, where we do no business, of Clearview AI’s technology to society.
The issue here — especially in countries subject to the GDPR — is consent. While scraping data from the open web breaks no US laws, collecting data without consent does violate some state laws and clearly violates the GDPR. The only privacy standard Clearview appears to recognize is that whatever can be scraped without a login isn’t private and that it has a right to collect it, compile it, make it searchable, and sell it to government agencies and other customers. Ton-That’s defense isn’t just intellectually dishonest. It’s the regular kind of dishonest, too.
Filed Under: data protection, facial recognition, fines, gpdp, italy, privacy
Companies: clearview
Comments on “Clearview’s World Tour Continues With A $21 Million Fine From The Italian Government”
Onward ever onward
All this and yet Clearview presses onward ever onward, like a blind warthog.
Who is paying their bills? Who is buying their data?
Someone must be. Someone who wants microsecond-by-microsecond detail of all of our lives. Who could it be?