Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
The Courts The Almighty Buck

Clearview AI Fined $33.7 Million Over 'Illegal Database' of Faces (apnews.com) 40

An anonymous reader quotes a report from the Associated Press: The Dutch data protection watchdog on Tuesday issued facial recognition startup Clearview AI with a fine of $33.7 million over its creation of what the agency called an "illegal database" of billion of photos of faces. The Netherlands' Data Protection Agency, or DPA, also warned Dutch companies that using Clearview's services is also banned. The data agency said that New York-based Clearview "has not objected to this decision and is therefore unable to appeal against the fine."

But in a statement emailed to The Associated Press, Clearview's chief legal officer, Jack Mulcaire, said that the decision is "unlawful, devoid of due process and is unenforceable." The Dutch agency said that building the database and insufficiently informing people whose images appear in the database amounted to serious breaches of the European Union's General Data Protection Regulation, or GDPR. "Facial recognition is a highly intrusive technology, that you cannot simply unleash on anyone in the world," DPA chairman Aleid Wolfsen said in a statement. "If there is a photo of you on the Internet -- and doesn't that apply to all of us? -- then you can end up in the database of Clearview and be tracked. This is not a doom scenario from a scary film. Nor is it something that could only be done in China," he said. DPA said that if Clearview doesn't halt the breaches of the regulation, it faces noncompliance penalties of up to $5.6 million on top of the fine.
Mulcaire said Clearview doesn't fall under EU data protection regulations. "Clearview AI does not have a place of business in the Netherlands or the EU, it does not have any customers in the Netherlands or the EU, and does not undertake any activities that would otherwise mean it is subject to the GDPR," he said.
This discussion has been archived. No new comments can be posted.

Clearview AI Fined $33.7 Million Over 'Illegal Database' of Faces

Comments Filter:
  • by sconeu ( 64226 ) on Tuesday September 03, 2024 @04:17PM (#64759774) Homepage Journal

    But does their database include photos of citizens of either the Netherlands or the EU? At that point, they do fall under GDPR, as I understand it.

    • by taustin ( 171655 )

      If they have no presence or assets in the EU, the whether or not the EU wants it to apply is irrelevant, since they can't enforce it.

      • Have you never heard of extradition? Even without out it, you can be tried & sentenced in absentia & never be able to set foot in a country without being arrested. The law's the law.
        • by taustin ( 171655 )

          Have you never heard of extradition?

          The US can pull that off with citizens of other countries. Good luck on the reverse, especially when the target can afford real lawyers.

          Plus, this is a fine against the company, not against individuals. How do you propose to extradite a company?

          Even without out it, you can be tried & sentenced in absentia & never be able to set foot in a country without being arrested.

          I'm sure they're crushed at not being able to go to a country they never had any interest in going to in the first place.

          The law's the law.

          And sovereignty is sovereignty. And the US really doesn't give a shit about other countries' laws.

          • I suspect that the US State Department don't share your sentiments on other countries' & regions' laws. Do you think the USA would like to earn the same reputation as Russia for being a safe harbour for international criminals? & do you think the FBI & their international investigations would still be received so well in countries where the US courts have been uncooperative? The EU can issue subpoenas to require certain employees of a corporation to appear before a court. There are a lot of coun
            • by taustin ( 171655 )

              You clearly haven't been paying any attention at all for the last several decades. The US extradites foreign nationals who have never been to the US for things that violate US law, but not necessarily the laws of the country they're done it, all the time, and foreign governments cooperate.

              The reverse doesn't happen, because the US is the king of the world.

              • The country in question must submit an extradition request, first through diplomatic channels, i.e. the State Department, & then, if approved, to the DoJ (Process outlined here: https://www.justice.gov/jm/jm-... [justice.gov]). Yes, it's a long & difficult process & there are lots of ways for suspects to delay & contest their extradition. The US does not normally grant bail for international extradition. However, if they do this & the extradition goes ahead, you can imagine that the foreign court that
    • by Xenx ( 2211586 )

      At that point, they do fall under GDPR, as I understand it.

      Like a lot of law questions, it depends. From what I see, the GDPR claims it applies by virtual of public international law. While doing some quick reading of interpretations, it only might apply. The specifics of when/how are beyond my desire to learn.

    • I think, what Clearview is implying, is that having no place of business and no customers in NL or EU, they can't be made to pay. But it also means they can't ever do any business in EU, as they would have to first clear their past fines and it would not be worth.

      • by thegarbz ( 1787294 ) on Tuesday September 03, 2024 @05:25PM (#64759936)

        This! Yes the fine itself is unenforceable as it stands right now, but it is also a pre-emptive block. The EU (and the Netherlands especially) have a long history of fining / finding against people in absentee.

        The thing is, while it sounds like it's an unfair price for market entry, this ruling isn't wrong. The GDPR protects the population and you can't enter a market at a later date and claim all the sins of the past were invalid because you simply didn't have a place of business in the EU. The fine here is pre-emptive, effectively letting the company know their database is not in compliance which will lead to some interesting discussions if they ever decide they *do* want to expand into the EU.

    • Re:Dutch residents? (Score:4, Interesting)

      by Local ID10T ( 790134 ) <ID10T.L.USER@gmail.com> on Tuesday September 03, 2024 @05:53PM (#64760024) Homepage

      But does their database include photos of citizens of either the Netherlands or the EU? At that point, they do fall under GDPR, as I understand it.

      That is what is known as extra-jurisdictional reach.

      It is illegal to post about the Tiananmen square massacre under Chinese law. I am not subject to Chinese law and thus can say whatever I want -but it is still a violation of Chinese law: they just cannot enforce it upon me. Clearview is based in NY, USA. They are subject to US law, and New York law. Any other laws can only be enforced on them with the agreement of the US government (which wont happen), or by force of arms (which would be defended by the US government/military).

      Most international legal violations are resolved voluntarily due to business interests. If the owners of Clearview are careful they have no business interests that the Netherlands government can use to put pressure on them to comply. They could issue an international arrest warrant for the executives -if they are found traveling within the EU they could be detained, but that would create a diplomatic incident with the USA (as the executives are US citizens and have not broken US laws).

      The EU will have to negotiate with the USA to convince the USA to change its laws to stop this type of violation. It is unlikely to succeed.

    • They have no business footprint there. How can you possibly think they have jurisdiction in this scenario? What you gonna do, raid their USA office? Highly unlikely. Clearview isn't in that market in any capacity.

      The quiet part is clearview has probably sold this database to any and every government that exist because government is all about spying on it's citizens with facial recognition. Isn't this pretty much used at all airports these days?

      Not saying I agree with it but I can't see how the EU or an indi

      • by tlhIngan ( 30335 ) <slashdot&worf,net> on Tuesday September 03, 2024 @11:02PM (#64760500)

        It might be important if some LEO in the US wants to extradite an EU citizen though.

        Because if Clearview AI is illegal in the EU, it's also illegal to use it as evidence in the EU. So if you want to extradite some EU citizen over some crime, and you used Clearview AI's servicse to obtain the identity, then basically you're screwed.

        That evidence was illegal evidence and you're going to need a lot more information to justify extradition.

        Remember, in a trial for extradition, you need to show you have sufficient evidence to convict, and evidence that was obtained illegally in the country is still illegal evidence even if it's critical to your case, which can mean the extradition fails and crime goes unpunished.

        So yes, it can be useful on US soil, against US citizens, but if it comes up with someone from Australia, the EU or other countries, suddenly hearts should start sinking because the use of it has basically made it impossible to prosecute. They can be tried in absentia but that's not really a big win as the guy is still free.

      • by Teun ( 17872 )

        If I was clearview, I'd tell them to shove their fine where the sun don't shine. They literally have no way to punish clearview here.

        The boss of Telegram might differ on this presumption :)

  • by Anonymous Cward ( 10374574 ) on Tuesday September 03, 2024 @04:25PM (#64759804)
    They've been fined internationally. France, Italy, Australia already ruled against them. Californians should go after them next, and bring the battle back to the states.
    • They've been fined internationally. France, Italy, Australia already ruled against them. Californians should go after them next, and bring the battle back to the states.

      And unless they do business there they can simply ignore the fines, just as Dutch company would ignore judgements under the ADA or fines by say, Iran. The only risk is to an employee that might wind up in a country that fined them.

      • Pavel Durov can testify that any CEO not abiding to the low risks being detained.
      • by AmiMoJo ( 196126 )

        It means they can't expand into the EU, limiting their market. That's a good thing, we don't want companies like Clearview operating here.

    • by jaa101 ( 627731 )

      Australia's privacy regulator has recently announced that it's stopped pursuing Clearview. [theguardian.com] Their original ruling still stands but they've never collected any fines nor even had any confirmation from Clearview that they've complied with the order to cease collecting images and to delete those already collected.

  • Even if they could collect the fine - which it seems they can't - call it $35 million for 1 billion faces. At 35 cents per face, that's gotta hurt. /sarc

    But I guess it establishes a precedent which - theoretically - in effect prevents Clearview from doing any business in the EU. I say "theoretically" because any European businesses that wish to use Clearview's services can probably do so without their governments knowing about it.

  • That's about $0.02 per image. Did ClearviewAI have to delete the database or can they still keep monetizing it?
  • by ledow ( 319597 )

    "If there is a photo of you on the Internet -- and doesn't that apply to all of us? -- then you can end up in the database of Clearview and be tracked"

    And without explicit consent, and if your software is scraping images hosted in the EU, you have just not only "done business in the EU" but broken data protection laws in that jurisdiction.

    And if you scraped images of kids? Ouch. Good luck with that. Not even schools are allowed to post images of kids without prior written consent in most EU jurisfictions

  • There is no way they can enforce this apart from trying to arrest the CEO and getting America to do its bidding.

    The problem though is, if they are using a .com domain for their website, or any other US based domain names (IE: that don't end in .uk or similar) then that's their fault, not Clearwire's. There is currently no way to distinguish where a website is based reliably. Some websites have addresses, but not all, and Cloudflare prevents the use of IP addresses to determine location.

    Texas has laws
  • Well, they just bought the data, nice and square, if they are let keep it.

Garbage In -- Gospel Out.

Working...