(Reuters) -Austrian privacy group noyb said on Tuesday it has filed a criminal complaint in Austria, accusing U.S.-based Clearview AI of illegally collecting photos and videos of European Union residents to build its facial-recognition database.
Noyb said in a statement Clearview violated the EU's General Data Protection Regulation (GDPR), and Austria's criminal provisions for those violations could expose Clearview and its executives to personal liability, including potential jail time.
Clearview, which markets its tools mainly to law enforcement and says it has collected more than 60 billion images globally, did not immediately respond to an emailed request from Reuters for comment.
The company has previously been found in breach of the GDPR by regulators in France, Greece, Italy, and the Netherlands in collecting and processing the data of millions of European citizens. The countries issued nearly 100 million euros ($116.62 million) in cumulative fines and reached a U.S. class-action settlement in March over its data-scraping practices.
Clearview is contesting a 7.5-million-pound UK fine, arguing Britain's GDPR should not apply because its facial-recognition service is sold only to foreign law enforcement. The company says its operations fall outside UK jurisdiction.
Its first appeal in the UK was dismissed in October, with the court ruling the service is used by clients to identify individuals and analyse behavior to predict and prevent illegal activities, thereby falling under the scope of UK GDPR. The case is now set to return to a lower tribunal, while Clearview retains the option to seek permission to appeal the jurisdiction decision.
Noyb, led by Austrian lawyer Max Schrems, a privacy advocate known for winning two landmark EU court rulings that struck down transatlantic data-transfer frameworks, says Clearview has disregarded EU decisions as it lacks an EU establishment and has not paid imposed fines. The planned Austrian case seeks to test whether criminal enforcement can succeed where administrative penalties have struggled.
Austria has implemented criminal provisions for certain GDPR violations within the country. If prosecutors accept the complaint, the case could set a precedent for criminal enforcement of GDPR violations and increase pressure on non-EU firms that process Europeans' biometric data.
"Clearview AI amassed a global database of photos and biometric data, which makes it possible to identify people within seconds. Such power is extremely concerning and undermines the idea of a free society, where surveillance is the exception instead of the rule," Schrems said in the statement.
($1 = 0.8575 euros)
(Reporting by Leo Marchandon in Gdansk and Foo Yun Chee in Brussels; Editing by Muralikumar Anantharaman)
