This is the fourth fine Clearview has received (so far) in Europe. (Clearview) for its processing of facial images of individuals residing in France. Any questions regarding this news item should be directed to the supervisory authority concerned.On October 20, 2022, the French data protection authority (the CNIL) announced a €20 million fine against Clearview AI Inc. This news item was originally published by the national supervisory authority and was published here at the request of the SA for information purposes. The news published here does not constitute official EDPB communication, nor an EDPB endorsement. Ordinanza ingiunzione nei confronti di Clearview AI - 10 febbraio 2022 (IT) ordered the Company to designate a representative in the territory of the European Union.ordered erasure of the data, including biometric data, processed by its facial recognition system with regard to persons in the Italian territory, subject to the obligation to timely reply to such requests for the exercise of the rights under Articles 15 to 22 of the Regulation as may have been received from data subjects in accordance with Article 12(3) of the Regulation.imposed a ban on any further collection, by way of web scraping techniques, of images and the relevant metadata concerning persons in the Italian territory and on further processing of the standard and biometric data that are handled by the Company via its facial recognition system and concern persons in the Italian territory.The Italian SA imposed a fine amounting to EUR 20 million. Additionally, the company infringed several fundamental principles of the GDPR, such as transparency, purpose limitation, and storage limitation it failed to provide the information set out by Article 13-14, to provide information on an action taken on a request under Article 15 within the due timeframe, and to designate a representative in the EU. The personal data held by the company, including biometric and geolocation information, were processed unlawfully without an appropriate legal basis – since the legitimate interest of the US-based company does not qualify as such. The inquiries and assessment by the Italian SA found several infringements by Clearview AI Inc. Moreover, the Garante received, during 2021, four complaints and two alerts by two organisations that are active in the field of protecting privacy and the fundamental rights of individuals against Clearview. The Italian SA launched an own volition proceeding following press reports on several issues in connection with facial recognition products which were offered by the Clearview AI Inc. Summary of the Decision Origin of the case Key words: Web Scraping, Images Database, Facial Recognition, Biometric Data, AI systems, Geolocation, Jurisdiction under EU law, Representative in the EU. Legal Reference: Principles relating to processing of personal data (Article 5(1)(a)(b)(e)) Lawfulness of processing (Article 6) Processing of special categories of personal data (Article 9) Transparent information, communication and modalities for the exercise of the rights of the data subject (Article 12) Information to be provided where personal data are collected from the data subject (Article 13) Information to be provided where personal data have not been obtained from the data subject (Article 14) Right of access by the data subject (Article 15) Representatives of controllers not established in the Union (Article 27).ĭecision: The Italian SA imposed a fine amounting to EUR 20 million, imposed a ban on further collection and processing, ordered the erasure of the data, including biometric data, processed by the Company’s facial recognition system with regard to persons in the Italian territory and the designation of a representative in the territory of the European Union. Cross-border case or national case: national case, Article 3(2) applies
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |