Netherlands’ DPA fines Clearview AI €30.5 million and may impose penalties on directors personally



The Netherlands’ Data Protection Authority issued, on 3 September, a fine of €30.5 million on Clearview AI for illegal data collection for facial recognition purposes.

The DPA says that Clearview did not stop the violations after its investigation. Consequently, the DPA has issued a stop order. If Clearview fails to comply with this order, the company will have to pay penalties, a total maximum amount of €5.1 million in addition to the fine.

The DPA states “Clearview has not objected to this decision and is therefore unable to appeal against the fine.”

Dutch DPA chairman Aleid Wolfsen said: “Clearview breaks the law, and this makes using the services of Clearview illegal. Dutch organisations that use Clearview may therefore expect hefty fines from the Dutch DPA.”

In an unprecedented move, the DPA says it is looking into the possibility of holding the company’s directors personally responsible for the violations. Other DPAs have fined Clearview in the last few years, e.g. the UK ICO issued a fine of £7.5 million in 2022, and ordered UK data to be deleted.

Wolfsen said: “That liability already exists if directors know that the GDPR is being violated, have the authority to stop that, but omit to do so, and in this way consciously accept those violations.”

See the decision

On 26 August the Dutch DPA imposed a fine of €290 million on Uber on transfers of European taxi drivers' data to the US. More details and commentary will appear in PL&B International Report, October 2024.