Clearview AI was hit with its largest GDPR fine yet from Dutch regulators 

A slew of General Data Protection Regulation (GDPR) fines over the past month indicate that data protection authorities are continuing to clamp down on what they perceive to be violations of the data protection act. 

Among them is the Netherlands’ data protection authority (AP) which fined Clearview AI €30.5 million for breaches of the GDPR. This fine was imposed after the AP says it confirmed that the company’s database has images of Dutch citizens.

This fine is significant in that it is larger than GDPR fines imposed on the company by data protection authorities in France, Italy, Greece and the UK over the past few years. back in 2022. Moreover, the AP warned that it could fine the company an additional €5.1 million for continued non-compliance. Clearview had failed to stop the GDPR violations after the AP concluded its investigation. The total fine could reach €35.6 million if Clearview AI continues to ignore the Netherlands regulator. Clearview has stated that it is not subject to GDPR  because it doesn’t have a place of business in the Netherlands or the EU and doesn’t have any customers there.

The AP has also recently fined Uber €290 million for transferring employee data to the USA without adequate safeguards. This breach, spanning approximately two years, involved personal data of 172 Uber drivers from France, including location data and criminal records. The AP leads on GDPR oversight of Uber as the company has its main EU establishment in the country.

The GDPR allows for fines of up to 4% of global annual turnover to be levied for non-compliance. Uber’s revenue for 2023 was around €34.5 billion, making the fine well below that maximum. But it is still among the largest penalties levied on a tech company since the GDPR began operating back in 2018.

Other recent much smaller GDPR actions involve Uniqlo, which was fined €270K by the Spanish Data Protection Authority after a former service provider received their own payslips and those of 446 other employees. The fine was reduced from an initial €450K after Uniqlo took corrective actions. A Belgian telecommunications company was also fined €100K by the Belgian Data Protection Authority for failing to respond to a customer’s request for information and not communicating effectively with the customer regarding changes to their contract. The Danish Data Protection Authority fined the Municipality of Vejen almost €27K after unencrypted laptops containing sensitive data of students and teachers were stolen from a school. 

As the fines increase and the authorities take increasing notice of violations, it’s important to learn what to do to avoid getting fined. Our 10 step guide to GDPR could help.