Clearview Al Inc. – €20,000,000 Fine (Italy, 2022)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Clearview AI was fined EUR 20 million by the Italian data protection authority for illegally collecting and using facial images of Italian residents. The company failed to inform users about data processing and used data for unauthorized purposes. This case emphasizes the importance of transparency and legal basis in data processing, especially for biometric data.
What happened
Clearview AI collected and used facial images of Italian residents without a valid legal basis or proper user information.
Who was affected
Italian nationals and residents whose facial images were collected and processed by Clearview AI without consent.
What the authority found
The Italian authority ruled that Clearview AI violated GDPR by processing personal data unlawfully and without transparency.
Why this matters
This fine highlights the serious consequences of non-compliance with data protection laws, particularly for companies dealing with sensitive biometric data. It serves as a warning for businesses to ensure they have a valid legal basis and clear user communication.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
The Italian DPA has fined U.S.-based Clearview AI EUR 20 million after it was revealed that the company had been applying biometric surveillance techniques on Italian territory. The company owns a database of over 10 billion facial images from around the world. The company offers a search service that allows profiles to be created based on the biometric data extracted from the images. The profiles can be enriched with information associated with these images, such as image tags and geolocation. The DPA launched an investigation into the company after it became known that Clearview - contrary to initial claims - also enabled searches of Italian nationals and residents. The DPA found that the personal data contained in the company's database had been processed unlawfully and without a valid legal basis. In addition, the DPA found that the company had violated several principles of the GDPR. For example, the company had violated the principle of transparency by failing to adequately inform users about the processing of their data. Clearview had also violated the principle of purpose limitation, by processing users' data for purposes other than those for which they had been made available online. Finally, it violated the principle of storage limitation by not specifying a time period for data storage.
Related Enforcement Actions (0)
No other enforcement actions found for Clearview Al Inc. in IT
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
10 February 2022
Authority
Garante per la protezione dei dati personali
Fine Amount
€20,000,000
Enforcement Tracker ID
ETid-1098
About this data
Cite as: Cookie Fines. Clearview Al Inc. - Italy (2022). Retrieved from cookiefines.eu
Last updated: