The Italian data regulator has fined Clearview AI nearly $22M and ordered it to delete data deemed to violate the GDPR and banning use of its offending facial recognition technology in Italy. The regulator found that Clearview lacked an adequate legal basis for processing faceprints, as well as violating several technical requirements of the GDPR such as purpose and re-use limitations, transparency, and deletion.
The UK data regulator had ordered Clearview to stop processing data in the fall of 2021, warning of potential fines in that country. Sweden last year fined a customer of Clearview's facial recognition technology for violation of data protection laws.
Why It Matters
European regulators seem increasingly inclined to issue eyebrow-raising fines for violations of GDPR. Although Facebook and Google have garnered the most attention, and ire, it is clear that regulators do not hesitate to pursue other American companies as well. Anyone with data from the EU is advised to examine their notice, security, transfer, and other procedures to ensure that they are GDPR-friendly. A multi-million-Euro fine would be crippling to many small tech companies.