Close this search box.
AI-based solution designed to automate personal data discovery and classification
Discover personal data across multiple systems in the cloud or on-premise
Harbor cooperation between DPO, Legal Services, IT and Marketing
Turn data subjects request into an automated workflow with a clear insight into data every step of the way
Collaborate with stakeholders and manage DPIA and LIA in real-time with Assessment Automation
Guide your partners trough vendor management process workflow
Identifying the risk from the point of view of Data Subject
Quickly respond, mitigate damage and maintain compliance
Consolidate your data and prioritize your relationship with customers
Privacy portal allows customers to communicate their requests and preferences at any time
Introducing end-to end automation of personal data removal

Latest Blog posts

Learn the terms

General Data Protection Regulation

Here you can find the official content of the Regulation (EU) 2016/679 (General Data Protection Regulation) in the current version. All Articles of the GDPR are linked with suitable recitals.

Latest papers

CNIL issues €20 million GDPR fine to Clearview AI

GDPR fine Clearview AI facial recognition

On 20 October 2022, the French Data Protection Agency – CNIL, imposed a €20 million fine on Clearview AI over their facial recognition technology.

Following the formal notice that went unaddressed, the CNIL issued a maximal fine and ordered Clearview AI to cease all collection and usage of personal data on individuals in France without the proper legal basis and to delete the data already in use within a period of two months.

If fail to do so, Clearview AI could face additional penalties of €100,000 per day of delay following two months after the decision.

Clearview AI’s facial recognition

Clearview AI provides an intelligence platform powered by facial recognition technology that includes a facial network of 30+ billion facial images sourced from the public internet, public social media, videos available online on all platforms, and other open sources.

Essentially, the company builds a biometric template, a digital representation of a person’s physical characteristics, in this case, face, allowing access to an image database through a search engine in which a person can be searched using a photograph.

The company offers this service to law enforcement authorities in order to identify perpetrators or victims of crime. However, the vast majority of people whose images are collected into the search engine are unaware of this processing.

CNIL’s investigation

Back in May 2020, the CNIL received complaints from individuals regarding Clearview AI’s facial recognition platform concerning the difficulties they encountered when trying to exercise their rights of access or their right of erasure.

The following year, the association Privacy International also warned the CNIL about this practice, which ultimately led to the opening of an investigation.

CNIL’s investigation uncovered violations of Articles 6, 12, 15, 17, and 31 of the General Data Protection Regulation (GDPR) regarding the unlawful processing of personal data since the data was collected and used without proper legal basis and violation of the rights of individuals, especially their right to access.

On 26 November 2021, the CNIL issued  CLEARVIEW AI formal notice, giving Clearview AI two months to cease the collection and use of data of persons on French territory in the absence of a legal basis, to facilitate the exercise of individuals’ rights and to comply with requests for erasure. However, Clearview AI did not provide any response.

Unlawful processing of personal data

The investigation revealed that Clearview AI’s facial recognition software uses a collection of images containing faces that are used for commercial purposes, including the provision of data to law enforcement agencies in the US, without consent from persons whose personal data had been processed, nor legitimate interest in collecting and using that data.

CNIL specifically addressed the intrusive and massive nature of the process, which collects images of millions of individuals in France who do not reasonably expect their images to be processed by the company to supply a facial recognition system used by States for law enforcement purposes.

Violation of individual’s rights

As mentioned in the complaints addressed to CNIL back in 2020, the investigation confirmed that Clearview AI does not facilitate the exercise of the data subject’s right of access.

Clearview AI limited the exercise of the right to access data to data collected only in the past twelve months preceding the request, restricting the exercise of this right to twice a year, and responding to certain requests only after an excessive number of requests from the same person.

The company also provided partial responses and did not respond effectively to the right to erasure.

Lack of cooperation

CNIL also addressed Clearview AI’s violation of Article 31 by failing to cooperate with the data protection authority since the company provided only partial responses to the investigation form.

The most evident lack of cooperation was the lack of any response to the formal notice that was issued on November 26, 2021, giving Clearview AI two months to cease the collection and use of personal data.

CNIL’s fine

Taking into consideration serious risks to the fundamental rights of individuals, the massive nature of the processing, and the lack of cooperation with the data protection authority, CNIL fined Clearview AI issuing a maximal fine of €20 million and a penalty of €100,000 per day of delay following two months after the decision.

CNIL also issued an order to Clearview AI to stop the processing and collection of personal data of individuals in French territory and to delete personal data that has been collected without a proper legal basis.

Request a Data Privacy Manager demo

Let us navigate you through the Data Privacy Manager solution and showcase functionalities that will help you overcome your compliance challenges.

Scroll to Top