Clearview AI — Regulatory Actions
Clearview AI — Regulatory Actions
Clearview AI built a facial recognition database by scraping billions of photos from the public internet — social media, news sites, anywhere a face appears online. It then sold this technology to law enforcement and private companies.
Multiple countries said: this is illegal.
The Clearview AI enforcement actions are the clearest example of GDPR and data protection law being applied to AI at scale. They demonstrate that scraping publicly available data doesn’t make it free to use.
What Clearview AI Does
Clearview scraped over 30 billion facial images from public internet sources (Facebook, Instagram, LinkedIn, news sites, etc.) to build a facial recognition search engine. Upload a photo of someone → get back every public photo of them, with links to where the photos were found.
The technology is powerful. The legal basis for collecting and processing this biometric data without consent was, according to regulators across the world, nonexistent.
The Enforcement Actions
| Jurisdiction | Authority | Date | Action | Fine |
|---|---|---|---|---|
| 🇫🇷 France | CNIL | Oct 2022 | €20M fine, ordered deletion | €20M |
| 🇮🇹 Italy | Garante | Mar 2022 | €20M fine, ordered deletion | €20M |
| 🇬🇷 Greece | HDPA | Jul 2022 | €20M fine, ordered deletion | €20M |
| 🇬🇧 UK | ICO | May 2022 | £7.5M fine, ordered deletion | £7.5M |
| 🇦🇹 Austria | DSB | 2022 | Found in violation of GDPR | — |
| 🇦🇺 Australia | OAIC | Nov 2021 | Found in violation of privacy law | — |
| 🇨🇦 Canada | OPC | Feb 2021 | Found in violation of privacy law | — |
| 🇸🇪 Sweden | IMY | 2024 | Investigation ongoing | — |
| 🇳🇱 Netherlands | AP | 2024 | €30.5M fine | €30.5M |
Total fines: over €90M and counting. Multiple orders to delete data and cease processing.
Why It Matters
For AI Companies
Clearview demonstrates that publicly available data is not legally free to use for AI. Just because a photo is on the internet doesn’t mean you can scrape it into a database. This principle extends beyond facial recognition to:
- AI training data generally
- Model training on scraped content
- Any AI application that processes personal data at scale
For Privacy
Clearview is the case study in why data protection law exists. Without enforcement, any company could:
- Build a surveillance database of every person on the internet
- Sell access to law enforcement, employers, stalkers, anyone
- Do this without consent, notification, or oversight
The enforcement actions show that GDPR and equivalent laws provide real protection — but only when regulators act.
For Regulation
The multi-jurisdictional response is significant. When France, Italy, Greece, the UK, Australia, and Canada all independently reach the same conclusion — this is illegal — it establishes a global norm.
See EU Country Codes & Authorities for the specific DPAs involved and Regulator Watch for ongoing enforcement activity.
Connection to AI Safety
Clearview sits at the intersection of multiple hub themes:
- AI Bias & Fairness — Facial recognition has well-documented accuracy disparities across demographics
- AI Security — Mass surveillance capabilities as a security threat
- GDPR & AI — The data protection framework in action
- EU AI Act — The AI Act classifies real-time remote biometric identification as “unacceptable risk” (banned) in most contexts
Go Deeper
- Court Rulings — All tracked cases
- GDPR & AI — How data protection applies to AI
- EU AI Act — Risk classification for biometric systems
- EU Country Codes & Authorities — The national authorities involved
- AI Bias & Fairness — Facial recognition and demographic accuracy gaps
- AI Security — Surveillance as a security concern
- Regulator Watch — Ongoing enforcement activity
- AI Intelligence Hub — Back to the hub home
Sources
- CNIL — Clearview Decision (France) — French DPA decision
- ICO — Clearview Decision (UK) — UK ICO decision
- Garante — Clearview Decision (Italy) — Italian DPA decision
- EDPB — EU coordination on enforcement