By Decision No 35/2022, the Authority examined a complaint against Clearview AI Inc, lodged by the civil nonprofit organization “Homo Digitalis” on behalf of a complainant, who claimed that s/he was not satisfied in relation to the right of access s/he exercised before the aforementioned company. By the complaint it was also requested that the practices of the defendant company on the whole be examined from the point of view of the protection of personal data. In particular, the Authority found that in this case the company, which markets facial recognition services, violated the principles of lawfulness and transparency (art. 5 paragraphs 1(a), 6, 9 GDPR) and its obligations under Articles 12, 14, 15 and 27 of the GDPR, imposing a fine of twenty million euros (20 000 000). In addition, the Authority issued a compliance order to the same company so that the latter satisfies the complainant’s request for access to personal data, while imposing on the same company a prohibition on the collection and processing of personal data of subjects located in the Greek territory, using methods included in the facial recognition service. Finally, with this Decision, the Authority sent Clearview AI Inc. an order to delete the personal data of those subjects located in Greece, which the defendant collects and processes using those methods.
35_2022 anonym_EN_FINAL.pdf342.96 KB