wp-plugin-hostgator domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home4/scienrds/scienceandnerds/wp-includes/functions.php on line 6114ol-scrapes domain was triggered too early. This is usually an indicator for some code in the plugin or theme running too early. Translations should be loaded at the init action or later. Please see Debugging in WordPress for more information. (This message was added in version 6.7.0.) in /home4/scienrds/scienceandnerds/wp-includes/functions.php on line 6114Source:https:\/\/techcrunch.com\/2023\/05\/10\/clearview-ai-another-cnil-gspr-fine\/<\/a><\/br> Clearview AI, the U.S. startup that\u2019s attracted notoriety in recent years for a massive privacy violation after it scraped selfies off the internet and used people\u2019s data to build a facial recognition tool it pitched to law enforcement and others, has been hit with another fine in France over non-cooperation with the data protection regulator.<\/p>\n The overdue penalty payment of \u20ac5.2 million has been issued by the French regulator, the CNIL \u2014 on top of a \u20ac20 million sanction it slapped the company with last year for breaching regional privacy rules.<\/p>\n The European Union\u2019s General Data Protection Regulation (GDPR) sets out conditions for processing personal data lawfully. Clearview has been found to have breached a number of requirements set out in law \u2014 by France\u2019s CNIL and several other regional data protection authorities, including authorities in the U.K.<\/a>, Italy<\/a> and Greece<\/a>, garnering several tens of millions in total fines to date.<\/p>\n Whether Clearview will ever pay any of these fines remains an open question, since the US-based company has not been cooperating with EU regulators.<\/p>\n In a press release<\/a> today, the CNIL said Clearview has failed to complied with the order it issued last October<\/a> \u2014 when it imposed the maximum possible size of penalty it could (\u20ac20 million) for three types of breaches of the GDPR.<\/p>\n That 2022 order followed an earlier finding, in December 2021<\/a>, when \u2014 after investigating complaints \u2014 the CNIL decided Clearview had breached the GDPR by unlawfully processing several tens of millions of citizens\u2019 data; and failing to provide locals with data access rights.<\/p>\n It was Clearview\u2019s failure to comply with the CNIL\u2019s December 2021 order that led, in October 2022, to the French watchdog adding a third breach finding to its tally \u2014 lack of cooperation with the regulator \u2014 and issuing the biggest fine it possibly could under the GDPR. (The regulation allows for fines of up to 4% of global annual turnover or \u20ac20 million, whichever is higher.)<\/p>\n The CNIL\u2019s order also instructed Clearview not to collect and process data on individuals located in France without a proper legal basis; and to delete data of individuals whose information it had processed unlawfully, after fulfilling any outstanding data access requests.<\/p>\n At the time the CNIL committee responsible for issuing sanctions gave Clearview a two month deadline to comply with the order \u2014 with the threat of further fines if it did not do so (at a cost of \u20ac100,000 per overdue day).<\/p>\n Safe to say, the demonstrably uncooperative U.S. company has failed to play ball yet again \u2014 hence the latest CNIL fine, which appears to be billing Clearview for 52 days of non-compliance.<\/p>\n \u201cClearview AI had two months to comply with the order and justify compliance to the CNIL. However, the company did not send any proof of compliance within this time limit,\u201d the regulator writes. \u201cOn 13 April 2023, the restricted committee considered that the company had not complied with the order and consequently imposed an overdue penalty payment of \u20ac5,200,000 on Clearview AI.\u201d<\/p>\n We reached out to the CNIL with questions. A spokesperson for the regulator confirmed to us that Clearview has not paid any of the penalties the CNIL has issued, telling TechCrunch: \u201cThey still are [non-]compliant \u2014 that\u2019s why we imposed an overdue penalty payment of \u20ac5,200,000.\u201d<\/p>\n \u201cWith regard to the injunction, the CNIL is continuing to work with its American counterpart, the Federal Trade Commission (FTC), to discuss how we can ensure that the injunction issued against the company is enforced,\u201d they added when asked what powers they have to enforce the order on the US-based company. \u201cWith regard to the penalty payment, the Ministry of Economy and Finance is approaching the FTC to consider existing and possible means of collecting the fine and the penalty payment.\u201d<\/p>\n The CNIL also volunteered that it will not be seeking to block Clearview\u2019s website in France \u2014 saying such a step would not be relevant to the key lawfulness of processing issue. \u201cThe CNIL is questioning the way in which personal data is collected by the company, i.e. without any legal basis, by sucking up publicly accessible photographs on the Internet in order to feed its tool,\u201d the spokesperson added.<\/p>\n Clearview was also contacted for a response.<\/p>\n Its PR agency, the LAKPR Group, responded with its (now) customary denial that the EU law applies to its business:<\/p>\n Clearview AI does not have a place of business in France or the EU, it does not have any customers in France or the EU, and does not undertake any activities that would otherwise mean it is subject to the GDPR.<\/p>\n<\/div>\n<\/div>\n<\/blockquote>\n (NB: The GDPR applies to the personal data of EU peoples so Clearview would need to have never scraped locals\u2019 selfies off the Internet for the bloc\u2019s data protection law not to apply and, notably, its statement does not say it has never processed Europeans\u2019 data.)<\/p>\n Clearview\u2019s statement re: what it couches as \u201cthe misinterpretation by some in France, where we do no business, of Clearview AI\u2019s technology to society\u201d is attributed to its CEO, Hoan Ton-That. In it he goes on to repeat a claims that he only created the facial recognition technology for \u201cthe purpose of helping to make communities safer and assisting law enforcement in solving heinous crimes against children, seniors and other victims of unscrupulous acts\u201d; adding: \u201cWe only collect public data from the open internet and comply with all standards of privacy and law.\u201d<\/p>\n While France\u2019s CNIL may have to whistle for the millions owed by Clearview, the fine announcements do have the effect of essentially preventing the AI company from setting up shop in France \u2014 i.e. unless it\u2019s willing to pay up when the CNIL\u2019s debt collectors come calling.<\/p>\n Add to that, and perhaps more importantly, all these GDPR penalties act as a deterrent to other entities in the region from using Clearview\u2019s services \u2014 since they risk being fined themselves, as happened back in 2021<\/a> with a Swedish police authority caught using Clearview unlawfully, for example.<\/p>\n So while EU people\u2019s data is still not being protected from abusive processing by privacy-hostile AI companies like Clearview, the GDPR may at least be helping to limit damage by making it de facto impossible for it to do business in the region. Although there\u2019s no doubt the saga underlines the challenge of enforcing a regional rulebook on uncooperative foreign entities in an age of big cross-border data flows.<\/p>\n There\u2019s more EU regulation incoming for AI too, with the bloc\u2019s lawmakers very busy hashing out the final details of the AI Act: A regulation on use of artificial intelligence which was proposed by the Commission back in 2021<\/a>. The draft version of this risk-based framework includes a prohibition on the use of remote biometrics in public places \u2014 which Clearview may have helped inspire.<\/p>\n
\nClearview fined again in France for failing to comply with privacy orders<\/br>
\n2023-05-10 22:56:43<\/br><\/p>\n\n