Fined €20 Million Under GDPR. Ordered to Halt Processing and Delete All Greek Data was fined €20 Million for violating the GDPR. The company was ordered to halt data processing and delete all Greek data. has been slapped with yet another fine thanks to the General Data Protection Regulation (GDPR). Back in December, the company was fined £17 million and ordered to not only stop processing the data of UK residents, but also delete all existing data it has of UK residents as well.

Now, we are learning of another ruling that seems to follow a very similar path. The company was fined €20 million in Greece. Subsequently, they have been ordered to not only halt all data processing of Greek citizens, but also delete all current data they have on Greek individuals. From NOYB:

Complaints in five countries. An alliance of organizations, including noyb, Privacy International (PI), Hermes Center, and Homo Digitalis, filed a series of complaints against Clearview AI Inc. in May 2021. The company claims to have “the largest known database of more than 10 billion facial images” and is aiming to reach 100 billion within the next year to make almost every person worldwide identifiable. The images for this come from social media accounts and other online sources. Complaints have been filed with data protection authorities in France, Austria, Italy, Greece and the United Kingdom.

Clear ban. The ruling is clear: the GDPR is applicable because Clearview AI uses its software to monitor the behavior of people in Greece, even though the company is based in the U.S. and does not offer its services in Greece or the EU. The data processing had no legal basis and there is a lack of transparency concerning the processing operations. Collecting images for a biometric search engine is illegal. Not only would Clearview now have to delete all hitherto collected images of Greek citizens, but also the biometric information that is needed to search for a specific face. The Greek authority also ordered Clearview to appoint a representative in the EU, to enable EU citizens to exercise their rights more easily and so regulators have a contact person in the EU.

Things are getting tight for Clearview. This decision follows the decision by the French authority on Clearview in December 2021, as well as the decision by the Italian DPA: also here, the authority prohibited the collection and processing of data in Italy. We expect a similar decision in Austria soon.

With multiple rulings against’s business practices, it will only become increasingly clear that they are not able to easily operate within Europe. The company has long faced a myriad of controversies in the past. The big one being that they basically scraped their information off of social media websites and other data sets without really obtaining proper permission. While the company tried to defend itself by saying that their information would be used for law enforcement, a scandal in 2020 where the technology was used by the rich and famous for fun at parties pretty much caused that argument to self destruct.

The political baggage is so severe for the company, that even the very mention of its use is enough to cause controversy.

Because of all of this, it has made the use of facial recognition software much more legally difficult to implement. Digital rights advocates have long fought against this technology as an over-broad and unnecessary violation of people’s privacy. With rulings like this, it appears digital rights advocates are, indeed, winning that fight.

Drew Wilson on Twitter: @icecube85 and Facebook.

Leave a Comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Scroll to Top