![]() (The regulation allows for fines of up to 4% of global annual turnover or €20 million, whichever is higher.) It was Clearview’s failure to comply with the CNIL’s December 2021 order that led, in October 2022, to the French watchdog adding a third breach finding to its tally - lack of cooperation with the regulator - and issuing the biggest fine it possibly could under the GDPR. That 2022 order followed an earlier finding, in December 2021, when - after investigating complaints - the CNIL decided Clearview had breached the GDPR by unlawfully processing several tens of millions of citizens’ data and failing to provide locals with data access rights. In a press release today, the CNIL said Clearview has failed to complied with the order it issued last October - when it imposed the maximum possible size of penalty it could (€20 million) for three types of breaches of the GDPR. Whether Clearview will ever pay any of these fines remains an open question, since the US-based company has not been cooperating with EU regulators. Clearview has been found to have breached a number of requirements set out in law - by France’s CNIL and several other regional data protection authorities, including authorities in the U.K., Italy and Greece, garnering several tens of millions in total fines to date. The European Union’s General Data Protection Regulation (GDPR) sets out conditions for processing personal data lawfully. The overdue penalty payment of €5.2 million has been issued by the French regulator, the CNIL - on top of a €20 million sanction it slapped the company with last year for breaching regional privacy rules. startup that’s attracted notoriety in recent years for a massive privacy violation after it scraped selfies off the internet and used people’s data to build a facial recognition tool it pitched to law enforcement and others, has been hit with another fine in France over non-cooperation with the data protection regulator. The restricted committee added to this injunction a penalty of 100,000 euros per day of delay beyond these two months.įor further information: national news Reconnaissance faciale : sanction de 20 millions d’euros à l’encontre de CLEARVIEW AI (FR), Facial recognition: 20 million euros penalty against CLEARVIEW AI (EN).Clearview AI, the U.S. Regarding the very serious risks to the fundamental rights of the data subjects resulting from the processing carried out by the company, the restricted committee decided to order Clearview AI to stop collecting and processing data of individuals residing in France without a legal basis and to delete the data of these persons that it has already collected, within a period of two months. On the basis of the information brought to its attention, the restricted committee decided to impose a maximum financial penalty of 20 million euros, according to article 83 of the GDPR. Lack of cooperation with the CNIL (Article 31 of the RGPD).Individuals' rights not respected (articles 12, 15 and 17 of the GDPR).Unlawful processing of personal data (breach of article 6 of the GDPR).The Chair of the CNIL therefore decided to refer the matter to the restricted committee, which is in charge for issuing sanctions. However, it did not provide any response to this formal notice. Clearview AI had two months to comply with the injunctions formulated in the formal notice and to justify them to the CNIL. On 26 November 2021, the Chair of the CNIL decided to give Clearview AI formal notice to cease the collection and use of data of persons on French territory in the absence of a legal basis to to facilitate the exercise of individuals' rights and to comply with their requests for erasure. In May 2021, the association Privacy International also warned the CNIL about this practice. Summary of the Decision Origin of the caseĪs of May 2020, the Commission nationale de l'informatique et des libertés, CNIL received complaints from individuals about Clearview AI's facial recognition software and opened an investigation. Decision: Infringement of the GDPR, Administrative fine, Order to comply with periodic penalty payments. ![]() Legal Reference: Lawfulness of processing of personal data (article 6 of the GDPR), Rights of individuals (articles 12, 15 and 17 of the GDPR), Cooperation with supervisory authority (article 31 of the GDPR).Cross-border case or national case: National case. ![]()
0 Comments
Leave a Reply. |