Clearview A.I. – €20,000,000 Fine (Italy, 2022)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Clearview A.I. was fined EUR 20 million by the Italian data protection authority for processing personal data without consent and failing to comply with GDPR requirements. The company argued that GDPR did not apply, but the authority disagreed, citing unlawful data processing. This case highlights the global reach of GDPR and the need for companies to comply with its rules even if they are based outside the EU.
What happened
Clearview A.I. processed personal data of individuals without consent and did not comply with GDPR requirements.
Who was affected
Individuals in Italy whose personal data was processed by Clearview A.I. without their consent.
What the authority found
The Italian authority found Clearview A.I. in violation of GDPR for processing data without a valid legal basis and failing to inform users.
Why this matters
This ruling reinforces the applicability of GDPR to companies outside the EU if they process data of EU residents. It serves as a reminder for businesses worldwide to ensure compliance with GDPR standards.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
Clearview A.I. Inc. (Clearview) is a company conducting facial recognition on public web sources and is the data controller. Four data subjects had sought information from Clearview under Article 15 GDPR. Clearview replied to three of them and provided “special reports” containing the results obtained through the Clearview software. In 2021, these data subjects complained to the Italian DPA (Garante per la protezione dei dati personali) regarding the processing of their personal data by Clearview, without their consent. In addition, two "organisations committed to defending the privacy and fundamental rights of individuals" submitted information about precedents in Germany and Sweden, and their reports on activities of Clearview to the DPA. Based on the press reports on the activities of Clearview and the complaints submitted to it, the DPA opened an investigation. Before the DPA, Clearview submitted as follows: The GDPR was not applicable and the DPA lacked jurisdiction as Clearview was not offering its services in Italy and had utilized technical measures to block Italian IP addresses from accessing services of Clearview. Clearview was not carrying out any monitoring activity as per Article 3(2)(b) GDPR, and its search results were akin to Google Search. Clearview did not have a list of Italian customers, and its privacy policy did not refer to GDPR. Clearview did not have a representative in the Union as mandated by Article 27 GDPR. Accordingly, the activities of Clearview were not covered by the GDPR. Since 2019, law enforcement agencies in the United States (US) were using Clearview, “especially in the context of child pornography investigations”. This generated international interest and several European government agencies signed up for a test account for a short time. In March 2020, following complaints by regulators in European Union (EU), these test accounts, which were very few, were closed. Clearview does not have any customers in the EU, and it ensure
Related Enforcement Actions (0)
No other enforcement actions found for Clearview A.I. in IT
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
10 February 2022
Authority
Garante per la protezione dei dati personali
Fine Amount
€20,000,000
GDPRhub ID
gdprhub-4755About this data
Cite as: Cookie Fines. Clearview A.I. - Italy (2022). Retrieved from cookiefines.eu
Last updated: