The Garante per la protezione dei dati personali (the Italian DPA) has sanctioned Clearview AI with a €20M fine for violations of the GDPR and has requested immediate deletion of it’s existing databases of Italian citizens’ images. Clearview AI is a US company which collects photos from the web and through AI analyses, processes and stores such images for client users to use comparative photos in order to identify individuals. DPAs in Germany, France, and Sweden have already decided that Clearview AI software is not permitted under the GDPR framework, however the enforcement by the Garante has gone much further since it requires that all Italian personal data be deleted by Clearview even in the absence of the individuals requesting the deletion. Furthermore, as the company doesn’t have an EU establishment it needs to appoint an EU Rep to process EU citizens data for the purposes of GDPR Article 27. Find the Italian DPA decision here.
