AP fines Clearview for illegal data collection for facial recognition

Clearview is a commercial company that provides facial recognition services to intelligence and investigative agencies. Clearview's customers can submit camera images to find out the identities of people who come into view. Clearview has a database of more than 30 billion photographs of people for this purpose. Clearview scrapes those photos automatically from the Internet. And then converts them into a unique biometric code per face. Without these people knowing and without their consent.

Never anonymous again

'Facial recognition is a very invasive technology that you can't just unleash on everyone in the world,' said AP Chairman Aleid Wolfsen. 'If a picture of you is on the Internet - and who isn't? - then you can end up in Clearview's database and be tracked. This is not a doomsday scenario from a creepy movie. Nor is it something that could only happen in China.'

Clearview says it only provides services to intelligence and investigative agencies outside the European Union (EU). 'That's bad enough,' Wolfsen said. 'Above all, don't let this go any further. We need to draw a very clear line on the misuse of this kind of technology.

Wolfsen endorses the importance of security and the detection of criminals by official bodies. He also recognizes that techniques such as facial recognition can contribute to this. But certainly not by a commercial company. And by authorized bodies only in very exceptional cases. The police, for example, must then manage the software and database themselves, under strict conditions and under the watchful eye of the AP and other regulators.'

Services Clearview illegal

Wolfsen warns: don't use Clearview. 'Clearview violates the law and using its services is therefore illegal. Dutch organizations using Clearview can therefore expect hefty fines from the AP.'

Clearview violations

Clearview seriously violated the privacy law General Data Protection Regulation (AVG) on several counts: the company should never have created the database and lacked transparency.

Illegal database

Clearview should never have created the database of photographs, the associated unique biometric codes and other information. This is especially true of the codes. These are biometric data, just like fingerprints. Collecting and using them is prohibited. There are some legal exceptions to this prohibition, but Clearview cannot invoke them.

Insufficient transparency

Clearview does not adequately inform people who are in the database that the company is using their photo and biometric data. Also, people who are in the database have the right to see their data. That means Clearview must show people what data the company has on them if they ask. But Clearview does not cooperate with requests for access.

Penalty payments

Clearview did not stop the violations after the AP's investigation. Therefore, the AP has ordered those violations to cease. If Clearview fails to do so, the company must pay penalty payments totaling up to 5.1 million euros on top of the fine.

American company

Clearview is an American company with no presence in Europe. Other privacy regulators in Europe have previously fined Clearview, but the company does not seem to be modifying its behavior. Therefore, the AP is looking for ways to make sure Clearview stops the violations. One way is to investigate whether the company's executives can be held personally responsible for the violations.

Wolfsen: "Such a company should not be allowed to continue violating the rights of Europeans with impunity. Certainly not in this serious and massive way. We will now investigate whether we can hold the management of the company personally liable and fine them for directing these violations. That liability is already there even if executives know that the AVG is being violated, are empowered to stop it but fail to do so and thus knowingly accept those violations.

Clearview did not appeal this decision and thus cannot appeal the fine.