French regulator tells Clearview AI to delete its facial recognition data

France’s foremost privacy regulator has ordered Clearview AI to delete all its data relating to French citizens, as first reported by TechCrunch.

In its announcement, the French agency CNIL argued that Clearview had violated the GDPR in collecting the data and violated various other data access rights in its processing and storage. As a result, CNIL is calling on Clearview to purge the data from its systems or face escalating fines as laid out by European privacy law.

Clearview rose to prominence in 2020 after a New York Times investigation highlighted the company’s massive data collection efforts. In particular, the company offered the unique ability to identify subjects by name, drawing on data scraped from public-facing social networks. Subsequent reporting showed the company’s deep ties to right-wing political activism and widespread use within US law enforcement.

CNIL’s motion is similar to a recently issued order in Australia, and it likely won’t be the last such order to come out of the EU. (Clearview has contested the order.) While CNIL only has jurisdiction over infringements on the rights of French citizens, other European regulators are sure to follow suit if the case is successful. Similar complaints have already been filed by Privacy International in Greece, Italy, and Austria. Last year, the ACLU launched a similar case in US federal court.

In a statement to TechCrunch, CEO Hoan Ton-That insisted the company’s data was collected legally. “We only collect public data from the open internet and comply with all standards of privacy and law,” Ton-That wrote. “My intentions and those of my company have always been to help communities and their people to live better, safer lives.”