![]() Certainly on the public sector side - and law enforcement remains a primary target for its ID-matching tech. ![]() So each prohibition Clearview racks up in an EU market shrinks its potential customer base. That said, DPAs can always go after any local entities foolish enough to become customers of the sanctioned entity - as Sweden’s watchdog did last year, fining a local police force for what it said was unlawful use of Clearview’s facial recognition software. While the EU’s GDPR does - on paper - have extraterritorial reach, meaning it applies outside bloc to anyone processing EU people’s data, enforcing against foreign entities that don’t have any local establishments or executives to serve sanctions on can make for hard practical limits on the law’s reach. ![]() But the lack of an EU-based Clearview entity makes it a lot harder for Italy to collect a fine. In a press release announcing the sanction the Garante also noted that it has ordered Clearvew to designate a representative in the EU “in order to facilitate exercise of data subject rights” - another legal requirement under EU law which it found the company had not fulfilled. However, whether Italy will be able to collect the €20M penalty from Clearview, a US-based entity, is one rather salient question. In December France’s CNIL also ordered Clearview to cease processing citizens’ data and gave it two months to delete any data it held but did not mention a financial sanction. It’s the strongest enforcement yet from a European privacy watchdog, with the UK’s ICO warning back in November of a possible fine when it also ordered Clearview to stop processing data. “Clearview AI’s activity therefore violates the freedoms of the data subjects, including the protection of confidentiality and the right not to be discriminated against,” the authority also said.Ĭlearview was contacted for comment on the latest GDPR sanction. Other General Data Protection Regulation (GDPR) breaches it identified included transparency obligations (on account of Clearview not having adequately informed users of what it was doing with their selfies) violations of purpose limitation and having used user data for purposes other than those for which they were published online and also breaches of data retention rules with no limit on storage. “The findings revealed that the personal data held by the company, including biometric and geolocation data, are processed illegally, without an adequate legal basis, which certainly cannot be the legitimate interest of the American company,” the Garante said in a press release. Its investigation was instigated following “complaints and reports”, it said, noting that as well as breaches of privacy law it found the company had been tracking Italian citizens and people located in Italy. Italy’s data protection agency today announced a €20 million penalty for breaches of EU law - as well as ordering the controversial company to delete any data on Italians it holds and banning it from any further processing of citizens’ facial biometrics. Another European privacy watchdog has sanctioned the controversial facial recognition firm, Clearview AI, which scrapes selfies off the Internet to amass a databased of some 10 billion of faces to power an identity-matching service it sells to law enforcement.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |