Details:

Summary The Dutch DPA has fined Clearview Al Inc. EUR 30,500,000. Clearview, a company offering facial recognition services, holds a database of over 30 billion images, including those of Dutch citizens. These images are scraped from publicly available online platforms, such as social media. Clearview uses these images to create biometric profiles, allowing individuals to be identified.
During its investigation the DPA found that the personal data contained in the company’s database had been processed unlawfully and without a valid legal basis. Furthermore the company violated the principle of transparency by failing to adequately inform data subjects about the processing of their data. Additionally, the company did not respond to two access requests from data subjects. The company also failed to facilitate the right of access of data subjects located within the territory of the Netherlands. Lastly, the company had not appointed a representative within the European Union as required under the GDPR.
Link: link link link
Related articles:  Art. 5 (1) a) GDPR, Art. 6 (1) GDPR, Art. 9 (1) GDPR, Art. 12 (1), (2) GDPR, Art. 14 (1), (2) GDPR, Art. 27 (1) GDPR
Type: Non-compliance with general data processing principles
Fine: EUR 30,500,000
Sector Industry and Commerce

 

All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/

Tags: case law