Clearview AI, the New York-based facial recognition firm that is targeting 100 billion facial images in its database by the close of 2022, has been fined €20 million ($19.7 million) by France’s data protection authority, the CNIL, for what the agency says is the illegal collection and processing of personal biometric data belonging to French citizens. The fine comes after the CNIL last year ordered Clearview to cease data collection and delete its existing database, instructions the company reportedly ignored. This is Clearview’s third breach of the EU General Data Protection Regulation (GDPR) pertaining to France. Continue reading France Sanctions Clearview AI €20M for Violating GDPR Rules

In its first major ruling against social media giant Facebook, Irish authorities fined the company’s WhatsApp messaging service almost $270 million (225 million euros) under the General Data Protection Regulation (GDPR). Those authorities stated that WhatsApp was not transparent about how data collected by those using the app is shared with other Facebook properties, including Instagram. WhatsApp said it would appeal the decision. Since established three years ago, the GDPR has not resulted in any major fines or penalties for Facebook until now. Continue reading Ireland Slaps Facebook’s WhatsApp Service with GDPR Fine

Ireland’s Data Protection Commission fined Twitter €450,000 (about $546,000) for failing to notify the regulator or document a data breach within 72 hours. The breach, revealed in January 2019, exposed some Android users’ private tweets for over four years. Twitter chief privacy officer Damien Kieran said the company takes responsibility … and remains “fully committed to protecting the privacy and data of [its] customers.” This is the first time a U.S. tech company has been served with a GDPR fine in a cross-border case. Continue reading Ireland Fines Twitter for Privacy Breach in a First for U.S. Tech

The Court of Justice of the European Union (CJEU) has ruled that Google will not be required to apply “right to be forgotten” rules globally. Based on the landmark privacy case, the tech giant will only need to remove links to sensitive personal data and disputed search results in Europe, after it receives approved takedown requests. The case was initiated in France in 2015 when privacy watchdog CNIL ordered Google to remove certain search results globally under “right to be forgotten” laws. Google refused and took the case to the French Council of State, which eventually turned to the CJEU.  Continue reading Landmark Privacy Case: EU Court Rules in Favor of Google