Technology companies from outside the EU are refusing to pay privacy fines imposed by European regulators. Privacy watchdogs are missing out on millions of euros as a result. The Autoriteit Persoonsgegevens is aware of this and has made proposals to the cabinet and the House of Representatives to address this problem.
The issue is topical in our country, according to the medium, as the Autoriteit Persoonsgegevens is investigating U.S. tech company Clearview AI. The company uses scraping software to build a face database. According to experts, this now consists of more than a hundred billion photos. To do this, however, the company did not ask users' permission, in violation of European privacy laws.
Greek, Italian and French regulators issued fines of up to 20 million euros for this. Privacy watchdogs from Belgium, Sweden, Germany, Canada and Australia ordered Clearview to stop collecting photos of citizens and remove photos from its database. The fines imposed have not been paid to date, the regulators confirmed to BNR when asked.
"It appears that Clearview is processing too many and unlawful faces. That's why the company has our attention. It's a serious issue," AP board chairman Aleid Wolfsen told reporters in June about the Clearview AI investigation.
Clearview is not the only U.S. company not paying its privacy fines. In May 2021, the Autoriteit Persoonsgegevens imposed a €525,000 fine on Locatefamily.com. The regulator, like nine other European supervisory bodies, received dozens of complaints from people who had no idea how their names, addresses, phone numbers and other personal data had ended up on Locatefamily.com's website. This fine was never paid either.
The problem is not with tech companies like Meta and TikTok. Why not? For the simple reason that they have appointed a European representative in the EU. As a result, they can be held financially liable. If a company has no European representative, then privacy regulators have their backs against the wall and can do nothing to force payment. "Then such a fine is almost symbolic. If they don't pay it, they don't pay it," privacy lawyer Thijmen van Hoorn of Dirkzwager Legal & Tax told BNR.
Lotte Houweling of civil rights movement Bits of Freedom finds it worrisome that European regulators cannot form a fist against companies that flout privacy laws. "Surely it cannot be that we have made legislation with such a hole in it?" she wonders aloud.
Just before the launch of the Clearview AI investigation, the Autoriteit Persoonsgegevens sent a number of proposals to the cabinet and the House of Representatives to remedy the problem. Making it mandatory to appoint a European representative the moment non-European companies process personal data of Europeans could help collect imposed privacy fines. International treaties could also be concluded on paying administrative fines in the area of privacy violations.
The Autoriteit Persoonsgegevens is looking at the possibility of taking additional measures under the current rules. Among other things, the regulator is considering the possibility of targeting directors and customers of companies that do not employ an EU representative. "That means that as soon as the director of such a company lands in the EEA, they can be addressed for that fine," a spokesperson told BNR.
