Austrian privacy advocacy group noyb has filed a criminal complaint against U.S.-based Clearview AI and its top executives, accusing the facial recognition firm of illegally collecting billions of photos and videos of European citizens in violation of the EU’s General Data Protection Regulation (GDPR).
Clearview AI, which claims to have scraped more than 60 billion images from the internet, markets its facial recognition database primarily to law enforcement agencies. It has reportedly provided services to private corporations, including Walmart and Bank of America.
Multiple GDPR Fines and Bans
Regulators in France, Greece, Italy, and the Netherlands have previously ruled that Clearview AI’s operations breached GDPR rules. The company was fined a combined €100 million (approximately $116.6 million) and ordered to cease processing data of EU residents, Reuters reports.
The Austrian Data Protection Authority (DPA) also found Clearview’s practices to be illegal, while the UK Information Commissioner’s Office (ICO) imposed a £7.5 million fine. Clearview appealed the UK decision, arguing that its services are sold only to foreign law enforcement and therefore fall outside UK jurisdiction.
Despite multiple fines and bans, Clearview has ignored enforcement actions from EU authorities. Only in the UK has the company pursued legal challenges.
A Move Toward Criminal Enforcement
The latest complaint marks a significant escalation in Europe’s privacy enforcement efforts. Under Article 84 of the GDPR, EU Member States can impose criminal penalties for certain violations. Austria’s Data Protection Act (§63) allows prosecutors to pursue such cases, including personal liability for company executives.
According to noyb, this legal path could enable EU-wide criminal action and even jail sentences for Clearview’s managers if convicted.
Max Schrems Calls for Accountability
Noyb founder and privacy advocate Max Schrems, known for his landmark legal victories on EU–U.S. data transfers, condemned Clearview’s conduct:
“Facial recognition technology is extremely invasive. It enables mass surveillance and immediate identification of millions of people. Clearview AI amassed a global database of biometric data, which undermines the idea of a free society, where surveillance should be the exception, not the rule.”
He added that Clearview’s disregard for EU data protection laws “spits in the face of EU authorities” and called on Austrian prosecutors to take decisive action.
Potential Global Implications
If Austrian prosecutors accept noyb’s complaint, the case could set a legal precedent for criminally enforcing GDPR violations, especially against non-EU companies that process European citizens’ data without compliance.
Such a move could reshape global data privacy enforcement, signaling that GDPR breaches may carry not just financial penalties, but also criminal consequences for executives responsible for illegal data processing.
Clearview AI did not immediately respond to requests for comment.
Rajani Baburajan
