Greece
Clearview Al Inc.
GDPR enforcement action by Hellenic Data Protection Authority (HDPA) on 2022-07-13.
Case details
- Authority
- Hellenic Data Protection Authority (HDPA)
- Date
- 2022-07-13
- Controller / Processor
- Clearview Al Inc.
- Sector
- Industry and Commerce
- Quoted Articles
- Art. 5 (1) a) GDPR, Art. 6 GDPR, Art. 9 GDPR, Art. 12 GDPR, Art. 14 GDPR, Art. 15 GDPR, Art. 27 GDPR
- Type of violation
- Non-compliance with general data processing principles
Summary
The Hellenic DPA has imposed a fine of EUR 20,000,000 on Clearview AI Inc. The non-profit organization "Homos Digitalis" had filed a complaint with the DPA on behalf of the data subject. The company holds a database of more than 20 billion facial images (including those of greek residents and nationals) from around the world. The data is collected online from publicly accessible platforms such as social networks. The company offers a search service that allows individuals be identified based on the biometric data extracted from the images. Individuals' profiles can be enriched with information associated with those images, such as image tags and geolocation. In the course of its investigation the DPA found that the personal data contained in the company's database had been processed unlawfully and without a valid legal basis. Also, the DPA found that the company had not provided the data subject with access to their personal data and thus violating Art. 15 GDPR. Furthermore, Cleaview had violated the principle of transparency by failing to adequately inform users about the processing of their data.
Related fines