Back to Cases
technologyTechnology · 2024
Clearview AI Inc.
Clearview AI built a facial recognition database of over 30 billion photographs scraped from the internet — including images of Dutch residents — without any lawful basis, consent, or transparency, violating GDPR Arts. 5, 6, 9, and 14. The AP also issued a personal liability warning to Clearview's directors, noting the company had ignored prior enforcement actions by EU counterparts in France, Italy, Greece, and the UK. Clearview was additionally ordered to cease all processing of Dutch residents' data and to delete existing records.
Fine Imposed€30.5M
Regulation
EU Artificial Intelligence Act
Max fineProhibited AI: €35M or 7% global revenue; high-risk AI: €15M or 3%; GPAI/transparency: €7.5M or 1.5%
Statusactive
Key Takeaways
- Scraping publicly available facial images to build biometric surveillance databases is unlawful under GDPR regardless of the public nature of the source material, and personal director liability warnings will escalate to fines for repeat violators.