Austria: Issued DPA ruling in investigation into Clearview AI over its personal data collection and processing practices compliance with GDPR

On 10 May 2023, the Austrian Data Protection Authority (DPA) issued its ruling in the investigation into Clearview AI over its personal data collection and biometric data processing practice. The DPA opened the investigation following a complaint alleging that Clearview AI collected and processed its personal data through the scraping of social media and online video platforms and media outlets. The DPA found that Clearview AI violated several provisions of the General Data Protection Regulation (GDPR). In particular, Clearview AI processed personal data without a specific purpose and violated the obligation to process data in a lawful, fair and transparent manner. Furthermore, the DPA stated that Clearview AI violated the data minimisation requirement and failed to obtain explicit consent for processing special categories of personal data. The DPA ordered Clearview AI to delete the complainant's personal data and to appoint a legal representative in the European Union.