France: Issued EUR 20 millions fine against Clearview AI over its illegal biometric data collection and processing practices

On 20 October 2022, the French Data Protection Authority, Commission Nationale de l'Informatique et des Libertés (CNIL) issued a EUR 20 million fine to the facial recognition company Clearview AI after pursuing an investigation into its personal data collection and biometric data processing practices. The CNIL found that Clearview AI violated the EU General Data Protection Regulation (GDPR) by collecting and using data of individuals residing in France without an appropriate legal basis and failing to respond effectively to individuals' requests for access and erasure of their data. The company failed to comply with the CNIL ruling from 26 November 2021, ordering Clearview AI to cease processing the personal data of individuals residing in France and comply with data erasure and deletion requests. The fine issued represents the maximum financial penalty under General Data Protection Regulation.