On 26 November 2021, the French Data Protection Authority, Commission Nationale de l'Informatique et des Libertés (CNIL) issued a ruling against the facial recognition company Clearview AI after pursuing an investigation into its personal data collection and biometric data processing practices. The CNIL found that Clearview AI violated the EU General Data Protection Regulation (GDPR) by collecting and using data of persons located in France without an appropriate legal basis and by failing to respond effectively to individuals' requests for access and erasure of their data. Thus, the company was ordered to cease processing of personal data with no legal basis relating to individuals in France, to comply with individuals' requests for data erasure and delete the data within two months.
Original source