Privacy by design

GDPR in Practice: Compliance and Fines

Mamnoon Hadi

Head of Analytics & Insights at Readdle

Case study: Clearview AI privacy by design violation

Illegal database:

  • Clearview AI scraped over 30 billion photos from the internet, including social media platforms, without consent$^1$

 

DPA fine:

  • The Dutch Data Protection Agency (DPA) imposed a €30.5 million fine for creating a facial recognition database violating GDPR

GDPR violations:

  • Clearview AI failed to adhere to core GDPR principles, including data minimization and transparency

violation.png

1 tsaaro.com
GDPR in Practice: Compliance and Fines

Global heat: Clearview AI under the spotlight

 

Global scrutiny:

  • Clearview faced similar fines in France, Italy, and the UK for unlawful data processing

Non-compliance across borders:

  • Despite Clearview's legal defenses, the company's actions remain in violation of international privacy standards

 

Facial recognition concerns:

  • These legal actions emphasize global concerns over privacy violations, lack of consent, and misuse of biometric data

scrutiny.png

GDPR in Practice: Compliance and Fines

The dark side of facial recognition

 

Privacy risks:

  • Facial recognition poses risks like identity theft, fraud, and unwarranted surveillance

Lack of security:

  • Data breaches expose facial data to hackers, with significant security and financial implications

Vulnerable populations:

  • Predatory marketing could target vulnerable individuals by analyzing facial expressions or emotions
GDPR in Practice: Compliance and Fines

Articles you can't ignore

Article 5 violations:

  • Clearview breached principles of lawfulness, purpose limitation, and data minimization by collecting data without consent or necessity

Article 6 violations:

  • Failed to comply with lawful bases for data processing and neglected individual consent

Article 9 & 12 violations:

  • Biometric data was processed without explicit consent, violating GDPR's special categories and data transparency provisions
GDPR in Practice: Compliance and Fines

Regulatory ripples: Lessons from Clearview AI

Regulatory momentum:

  • The Clearview case is part of a broader trend of regulatory actions against tech companies worldwide

Global impact:

  • Privacy regulations, including the GDPR and India's digital personal data protection act (DPDPA), are setting a precedent for how personal data should be handled

Future implications:

  • The case underscores the need for robust privacy measures in AI technologies and highlights growing global privacy concerns
GDPR in Practice: Compliance and Fines

Let's practice!

GDPR in Practice: Compliance and Fines

Preparing Video For Download...