French privacy watchdog fines Clearview AI for violating privacy

Occurred: October 2022

France's privacy watchdog, the CNIL, fined controversial facial recognition company Clearview AI EUR 20 million for breaching privacy rules. 

The CNIL fined Clearview AI for unlawfully collecting and processing the personal data of French residents without consent, violating the EU's General Data Protection Act (GDPR). 

The regulator also ordered the company to stop collecting data from people residing in France and delete the data it had already collected. The watchdog said there were "very serious risks to the fundamental rights of the data subjects". 

The CNIL had ruled in 2021 that Clearview had been processing personal data unlawfully and ordered it to stop, but said that the firm had not responded. 

Clearview AI faced similar penalties in other countries, including the UK, Italy, and Greece. Despite these fines, Clearview AI refused to pay, asserting that it is not subject to EU privacy laws as it claims to have no clients or operations in the EU. 

"There is no way to determine if a person has French citizenship purely from a public photo from the internet, and therefore it is impossible to delete data from French residents," Clearview CEO Hoan Ton-That said.

The ruling was seen to highlight the growing pressure on Clearview AI, and the difficulties of regulating AI effectively across diffreent jurisdictions.

May 2023. The CNIL fined Clearview AI an additional EUR 5.2 million for failing to comply with its October 2022 ruling. 

July 2022. The Greek data protection authority (Hellenic DPA) imposed an EUR 20 million fine on Clearview AI, the highest fine it ever imposed, and also required Clearview AI to delete and stop processing data of data subjects located in Greece.

May 2022. The UK ICO imposed a fine of over GBP 7.5 million on Clearview AI and ordered it to delete and stop processing data of UK residents.

February 2022. T