Clearview AI – Court Ruling (Austria, 2025)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Clearview AI faced scrutiny for its facial recognition technology that processes personal images without proper legal justification. A court ruled that while Clearview violated data protection rules, it didn't impose a ban on its data processing activities. This decision raises concerns about the ongoing use of facial recognition technology.
What happened
Clearview AI was found to have processed personal data without a valid legal basis.
Who was affected
Individuals whose images were processed by Clearview AI's facial recognition platform.
What the authority found
The court confirmed that Clearview violated GDPR but decided that erasing the data was sufficient without an additional prohibition on processing.
Why this matters
This case underscores the need for clear legal grounds for data processing, especially in emerging technologies like facial recognition. It signals that companies must be cautious about how they handle personal data.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
On the 27 May 2021 noyb filed a complaint against Clearview AI, here the controller, with the Austrian DPA (Datenschutzbehörde – DSB). Clearview AI is a company which provides a facial recognition platform allowing users to compare photos of people with images of them found online. noyb brought forward that the controller could not rely on a legal basis for the processing of personal data of the represented data subject. More importantly, noyb requested for the data processing activities of the controller to be banned by the DPA under Article 58(2)(f) GDPR. The DSB found that the controller had violated the GDPR (see DSB (Austria) - 2022-0.277.156). However, the DSB decided that the erasure of the personal data was an appropriate measure under Article 58 GDPR and that the additional prohibition therefore would not be necessary. noyb appealed the dismissal of the prohibition request to the Federal Administrative Court of Austria (Bundesverwaltungsgericht – BVwG). noyb’s argument noyb stated that the mere confirmation of a violation did not provide adequate legal protection from future unlawful data processing. noyb explained that even if the controller deleted the data subject’s personal information, it was likely that the controller would again process the data subject’s pictures as its business model is based on finding pictures of people online and processing them. Further, noyb argued that the data subject did have a subjective right to a prohibition on the processing as it was the only effective option available. The controller continuously scans the internet for pictures so if the data subject’s pictures were deleted it would only be a matter of time until they would be processed again. Additionally, a subjective right to an injunction was necessary as otherwise data subjects would have to bring a separate action for an injunction. This would put data subjects at a disadvantage particularly in regard to the cost of bringing such an action. noyb therefo
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Related Cases (1)
Other cases involving Clearview AI in AT
Details
About this data
Cite as: Cookie Fines. Clearview AI - Austria (2025). Retrieved from cookiefines.eu
Last updated: