Clearview AI, an American facial recognition software company, has been fined heavily by Dutch authorities for data privacy violations under the EU’s General Data Protection Regulation (GDPR).

It also emerged that the AI startup was keeping billions of unconsented pictures of people’s faces in an undeclared database that the agency called an “illegal database.”

Clearview AI used images from social media platforms

The $33.7 penalty was pronounced after the Netherlands Data Protection Agency (DPA) discovered that the company built a database of images scrapped from various social media platforms.

The DPA has also accused Clearview AI of not providing sufficient explanations to individuals whose pictures were in the database on how the startup uses them, including the biometric data.

According to The Verge, the company has been a target of regulators from across the world due to its alleged violations of people’s privacy. Previously, it has been slapped with fines in Australia, Italy, France, and the UK, before it was forced to delete data about people in those countries.

Now, the DPA has also warned Dutch companies from using Clearview AI’s services. In a statement, DPA chairman, Aleid Wolfsen said the technology remains illegal in the Netherlands, due to its officious nature.

“Facial recognition is a highly intrusive technology, that you cannot simply unleash on anyone in the world.”

Wolfsen.

The DPA also said Clearview did not object to the charge, so they will not appeal the fine, including the additional $5 million specifically attached to the company’s non-compliance with Dutch laws.

Clearview AI says the fine is not enforceable

However, Clearview AI, in several media responses, has questioned the lawfulness of the fine. Its chief legal officer Jack Mulcaire told Reuters that the ruling is unenforceable.

“Clearview AI does not have a place of business in the Netherlands or the European Union, it does not have any customers in the Netherlands or the EU.”

Mulcaire.

“(The company) does not undertake any activities that would otherwise mean it is subject to the GDPR (the EU’s General Data Protection Regulation). This decision is unlawful, devoid of due process and is unenforceable,” said Mulcaire.

However, the DPA has also indicated it “is looking for ways to make sure that Clearview stops the violations.”

In June this year, Clearview AI also paid a settlement in Illinois after being charged with violating subjects’ privacy. Again, just like in the present DPA case, they did not agree to the charges, although they eventually settled the suit via an out-of-court agreement.

On the other hand, the DPA has recently been increasing its vigilance on the data front. Uber was fined $290 million for sending rider data to the United States of America without the necessary approvals. Just like Clearview AI, Uber argued that their fine is unjustified.