Clearview denies jurisdiction of French regulator in response to €20M fine
CNIL also ordered U.S.-based Clearview to stop collecting and processing the biometric data of people in France, for which it says there is not legal basis, and to delete the data it holds.
The €20 million (US$19.7 million) penalty levied by the CNIL is the maximum allowable under GDPR Article 83. Additional fines of €100,000 ($98,000) per day will be imposed if Clearview does not follow CNIL’s directions regarding the facial recognition data of French subjects, the announcement says.
Clearview holds 20 billion facial images of people around the world, according to the regulator.
Clearview CEO Hoan Ton-That told AFP that the company is not subject to GDPR, has no clients or presence in France, and cannot determine who in its database are residents of France, pointing out that “(t)here is no way to determine if a person has French citizenship purely from a public photo from the internet.”
The original order by CNIL was announced last December, though the regulator says Clearview was informed of its decision in November. It alleges unlawful processing of personal data by Clearview, failures to facilitate access and erasure as mandated by GDPR, and to cooperate with the CNIL. Therefore, it says the company is in breach of GDPR articles 6, 12, 15, 17 and 31.
Clearview’s method of building its dataset for facial recognition algorithm training was recently granted a patent by the USPTO.