AI Clearview Faced With Criminal Lawsuit In Austria On Alleged Privacy Violation

JAKARTA The Austrian privacy advocacy group, noyb, filed a criminal lawsuit against the company from the United States, Clearview AI. They accused the company of illegally collecting photos and videos of EU citizens to build its facial recognition database.

In his statement, noyb assessed that Clearview had violated the European Union's General Data Protection Regulation (GDPR). Under Austria's criminal law, such violations can make Clearview and its executives face personal responsibility, including a possible prison sentence.

Clearview AI is known for marketing its facial recognition software to law enforcement agencies in various countries. The company claims to have collected more than 60 billion images from around the world. However, when asked for a response by the media, Clearview gave no answer.

Previously, regulators in France, Greece, Italy and the Netherlands had decided that Clearview violated the GDPR for collecting and processing data on millions of Europeans without permission. These countries imposed cumulative fines of nearly 100 million euros (approximately IDR 1.7 trillion). In addition, Clearview also reached a class-action lawsuit settlement in the United States in March regarding the practice of mass internet data collection (data screening).

In the UK, Clearview is still suing a fine of 7.5 million, arguing that the UK GDPR does not apply to them because its facial recognition service is only sold to foreign law enforcement agencies. However, the court rejected the argument this October, stating that Clearview services were used to identify individuals and analyze behavior in crime prevention efforts so that they remain under the jurisdiction of the British GDPR. The case is now returned to a lower instance court, while Clearview still has the option of filing an appeal.

Noyb's leader, Max Schrems, an Austrian privacy lawyer known for winning two important decisions in European Union courts regarding cross-Atlantic data transfer, said Clearview had ignored European authorities' decisions for not having an office in EU territory and had not paid the fines imposed. The lawsuit in Austria aims to test whether criminal law enforcement can be more effective than administrative sanctions that have been less successful so far.

Austria itself has adopted criminal provisions for certain violations in the GDPR. If prosecutors receive this complaint, the case could set the first precedent for criminal enforcement of GDPRs that could potentially increase pressure on non-EU companies that process biometric data of Europeans.

Clearview AI has collected a global database containing photos and biometric data that allows the identification of a person in seconds. This kind of force is very dangerous and threatens the concept of a free society, where surveillance should be an exception, not a rule," Schrems said in an official statement.