Italian DPA fines Clearview AI €20 million
The Italian data protection authority – Guarantor for the protection of personal data – fined the US-based company Clearview AI EUR 20 million after finding it applied what amounted to biometric monitoring techniques also to individuals in the Italian territory.
The findings showed that the personal data held by the company, including biometric and geolocation information, were processed unlawfully without an appropriate legal basis – since the legitimate interest of the US-based company does not qualify as such. Additionally, the company infringed several fundamental principles of the GDPR including transparency – as it failed to adequately inform users -, purpose limitation – as it processed users’ data for purposes other than those for which they had been made available online -, and storage limitation – as it did not set out any data storage period.
Based on the infringements found, the Italian DPA fined Clearview AI EUR 20 million and ordered the company to erase the data relating to individuals in Italy; it banned any further collection and processing of the data through the company’s facial recognition system.
Source: Riconoscimento facciale: il Garante privacy sanziona Clearview per 20… – Garante Privacy