Can't the government already do the same using images from identity cards, passports, etc.? Is the problem mainly because it's a private company doing it? I genuinely want to better understand this issue.
Yes, the problem is that a private company doing it against data privacy regulations in the EU; collecting personally identifiable information and biometrics is regulated through the GDPR, the article clearly states the issue:
> The Dutch agency said that building the database and insufficiently informing people whose images appear in the database amounted to serious breaches of the European Union's General Data Protection Regulation, or GDPR.
It isn't shocking that an American company would run into issues like this in the EU as it is one of the fundamental differences between American and European society. By and large, Europeans would rather this type of thing be in the hands of the government over a private company while Americans would prefer the reverse.
> By and large, Europeans would rather this type of thing be in the hands of the government over a private company while Americans would prefer the reverse.
Well, you can vote for politicians that align with your values. The American replies: you can vote with your wallet.
I'd like to see a company like Clearview get boycotted away. It has few customers that pays well and the citizens that they subject to violations are not their customers and have no say.
Also, Re: vote with your wallet. The fact that the richest gets the most ballot papers is not so democratic.
I mean, I think many people would rather that this was in the hands of _neither_, tbh.
The AI Act (note that this fine was under prior legislation, not the rather new AI Act) bans this except for specified national security purposes, but I'd certainly have preferred to see it ban it entirely.
> "Clearview AI does not have a place of business in the Netherlands or the EU, it does not have any customers in the Netherlands or the EU, and does not undertake any activities that would otherwise mean it is subject to the GDPR," he said.
what limits do we place on countries randomly being able to make supranational claims like this? do you want every online business checking the passport of their customer? because sure this case is fine but its a pretty dangerous precedent to accept without limits. for all its good intentions, GDPR has also resulted in cookie banner spam on the rest of us.
as with all government power - u may be fine when its used against things you dont like, but try to imagine when its used to against things you do...
> do you want every online business checking the passport of their customer?
Is the business selling to a EU citizen? If so they have to deal with the rights that citizen has.
If a company in some fictitious jurisdiction where fraud is not a crime defrauds an American citizen, should they not face American justice for it? It might be they don't have legal representation in the USA but that shouldn't stop an American citizen on bringing the issue to authorities to deal with.
It's not random, if you make business with someone in the EU or deal with the information of someone in the EU then you need to follow EU's regulations. Can't do that? Don't deal with EU's citizens data or business, it's pretty simple.
I really don't think this is a hard concept to grasp.
If you run a company in a foreign country, then the laws of that country apply of course. Why should it be different just because they have scraped internet data containing images of Euroepeans? If that's legal in the home country of the business (as it would in, say, America) then its none of the EU's business.
Imagine the reverse, if China was fining European companies for not censoring CCP-offensive terms on the internet. Or America was fining them for dealing with US-blocklisted entities like Iran.
> If that's legal in the home country of the business (as it would in, say, America) then its none of the EU's business.
The data pertain to EU's citizens, that is covered under the GDPR, if your business deal with private data from EU's citizens you are under the GDPR even if you don't operate in the EU (such as the case of Clearview). Of course, without an office/representation in the EU it's impossible for the EU to collect the fines and apply other punishments, still the business will be judged under the terms of the GDPR in the EU.
It's the business of the EU since the data is from EU's citizens. Like I mentioned before, if a business was defrauding people (i.e.: identity theft) in the USA while operating outside of the USA, the American justice system has all the prerogative to defend its citizens rights even if it wasn't possible to stop the operation, collect fines, etc. There would be an investigation, there would be a prosecution and eventual punishment. Depending on how egregious the rights violating behaviour was it could escalate into the international sphere.
It's the same case here, Clearview AI is processing private data from EU's citizens even if outside of the EU it is against EU laws.
> Or America was fining them for dealing with US-blocklisted entities like Iran.
The USA does punish companies outside of the USA for dealing with US-blocklisted entities, how the hell do you think sanctions work? Why do you think most of the world avoid dealing with Iran, North Korea, etc.?
Clearview has been targeted before by other DPAs in the EU [0][1][2][3][4].
I think there is merit to both side of the argument here.
On the one hand, yes, each nation can stick to their lane. Who is to say their rules and culture and regulations are "correct". Undefined. That another nation may well believe themselves to be the correct one. Under that principle it's wrong to go nosing about other nations. The example of CCCChinaCCCP's arm reaching out censorship wise was made here.
On the flipside, the defending of one's nation's citizens against foreign obnoxiousness is well reasonable. For example, if USA did a better job defending against scammers from India, I think we'd all be happier for it. Now, is India right/correct in believing spam calling is a god given human right to be embedded into their own bill of rights? I don't know, but what I do know is US citizens would be happier if US defended there interests here, as the EU is doing for his citizens.
So does that mean it’s intelligence services never get a face match done ?
How would you know if they have no customers here, do you think their intelligence services would tell you ? In the past the head of Dutch intelligence lied to the government about mass surveillance. Even if it was true, guaranteed they would simple send their photos to American counterparts to run.
> what limits do we place on countries randomly being able to make supranational claims like this?
Randomly? EU or other nations act because their citizens have their rights violated. I assume Clearview has collected Dutch faces en masse and thereby violated laws.
Obey by GDPR or don't deal with the data of EU citizens.
Okay I get it now, GDPR.
But is it bad if it is used to catch criminals ?
What's a potential misuse of that technology ?
Maybe I watched too much of Person Of Internet...
even without tech, justice system is already ruining people's lives unjustly. so maybe we have to discuss failure rate, processes in place to correctly use the tech, instead of just saying it has to be bad ? the question is will the tech help ruin more people lives that was already the case or not or improve the odds in some cases even
> even without tech, justice system is already ruining people's lives unjustly
Sure, but as with a lot of this stuff, this allows that to be done _at scale_. "[bad thing] happens anyway" isn't a great argument against "we should ban this thing where [bad thing] is likely to happen at massive frequency".
meanwhile police departments are already using that around the world, and they seem conscious about the limitations, and not using it as a 100% accuracy tool.
"Assistant Chief of Police of Miami, Armando Aguilar, said in 2023 that Clearview's AI tool had contributed to the resolution of several murder cases, and that his team had used the technology around 450 times a year. Aguilar emphasized that they do not make arrests based on Clearview's matches alone, and instead use the data as a lead and then proceed via conventional methods of case investigation"
That depends on every user of this massive data set to be responsible with it, do you trust that?
If there was a way to read every person's thoughts in public spaces to deal with crime, so that you could know exactly who is guilty of a crime, or preparing to commit a crime beforehand, would that be a technology you'd support?
Data privacy is important, our collective rights are more important than helping the police to increase their rate of solving crimes.
>> even without tech, justice system is already ruining people's lives unjustly
>Sure, but as with a lot of this stuff, this allows that to be done _at scale_.
EXACTLY. The US wastes over 8 billion dollars a year inefficiently ruining peoples' lives and burning tax dollars. With the advent of facial recognition AI software, we can ruin lives 90% more efficiently at three times the scale!
then you should not ask "what is a possible misuse of this [facial recognition to catch criminals] technology?" but some more nuanced question
As for the rest of your argument, even if we take as a given that there is cases where facial recognition could be helpful, I'd say that if a company can't be trusted not to illegally develop their products it can hardly be trusted to respect strict standards when their products are in use
If identification of dutch citizens are a part of the product for services rendered by Clearview AI, they should be punished severely for this. Same goes with any country, or person, who doesn't want to be a part of their scheme.
Since they don't operate directly in the EU, there is not much else they can do aside from collaborating with other countries DPAs to ban any EU company from integrating with them (per the article currently only companies in the Netherlands are banned).
Even the fine itself is a bit problematic because it looks like unenforceable as they don't operate in the EU thus not subject to EU law.
However if it were to be discovered that the user images where not only retrieved by scrapping publicly available information, but involved data brokerage or other forms of personal information selling all those involved throughout that chain could be fined.
Neither do you want to normalise organisations violating the rights of a given state's citizens with impunity because they operate from outside of their jurisdiction and refuse to engage. If there's no other recourse than to arrest the members of the (for all intents and purposes) criminal organisation if they step foot in the affected state then so be it.
Why not? Sends a strong message; and also forces employees to think about what they are doing instead of passing the buck.
This is also not like some stupid patent dispute or DMA compliance argument. These employees are directly responsible for stockpiling personal identities of millions of people for the express purposes of making the surveillance efforts of their government easier. That's a very political action, which is directly aggressive against a country's citizens, and they should feel that.
There are 27 countries in EU with different motives, morals, interests, etc. Just because you agree with the decision of one country in one instance it doesn't mean you would agree with them all. But once you give them the powers it's impossible to take them back. It's a bad slippery slope.
Just to be clear here, your issue is with the number of member states in the EU?
In other words you would be fine with Canada arresting employees of Clearview if they tried to enter the country after Canada deemed them profiting members of an organization that was breaking the law in Canada?
If I go to Saudi Arabia after having called for their leader to be executed on X for his treatment of women, yeah, probably not a good idea to go.
If I go to Iran after saying Khamenei deserves a rocket to his mansion, yeah, probably not a good idea to go.
If I go to Europe after having run a multi-million dollar scheme affecting European countries by white-labelling services from North Korea (legal in Brazil), and I'm a Brazilian citizen and know Brazil almost never extradites, yeah, probably not a good idea to go.
If I go to the US with my two 12 year old brides from Niger, yeah, probably not a good idea to go.
In addition to the examples you mention, if you become involved in doping at an international competition in which US American athletes were competing, it's probably not a good idea to travel there: https://en.wikipedia.org/wiki/Rodchenkov_Anti-Doping_Act_of_...
Is it really so unreasonable to expect that countries prosecute people who commit crimes against their citizens with expectation of impunity the next time they visit their country?
You're proposing an alternative where people can just commit crimes with no recourse from the victims simply because a border exists somewhere and they commit the crimes on one side of the border.
Would you expect it to be reasonable for Canadian citizens to be shooting at Americans on the border and it unreasonable for American authorities to arrest them if they came to America?
> Would you expect it to be reasonable for Canadian citizens to be shooting at Americans on the border and it unreasonable for American authorities to arrest them if they came to America?
Physical violence is incomparable to working at a company that did something that would be illegal in a certain jurisdiction. Should the person maintaining Clearview's website be arrested in the EU simply because they work there?
What do you suggest as an alternative? That we live in a world where people can evade legal prosecution simply by incorporating or working for a company that incorporated?
Why isn't violent crime comparable to stalking crime? Why is it socially acceptable to hoard personal information about someone and pictures of them as long as someone does it under the auspices of a business but it's creepy and weird to do it as a lone-wolf stalker type? Maybe they're both terrible and creepy business models and the EU is right to prosecute anyone who does it, articles of incorporation or not.
I'm not sure, but I don't think "I did it from abroad" should just make it OK. The whole point of the GDPR is that personal data is valuable and important. Would you feel the same if Clearview were instead taking people's money?
I think you'll find most people would be more than happy to see a few scummy C-suites landing behind bars. I certainly welcome it and can't wait for the day when these psychopaths actually get punished for their greedy behaviour.
You're getting downvoted, but it's an interesting idea. Violating the GDPR is illegal.
You can break your home country's laws when you go abroad and it's usually OK. You can smoke cannabis when you visit the Netherlands* from Ireland, for instance, and go back home to Ireland without worry.
Violating GDPR is illegal. It's acceptable to arrest people who do things that are against the law. And if, say, I write a lambda that runs hourly and violates the GDPR from my home in California, and then take a holiday to the Netherlands while the lambda is still running, should I be immune from arrest? The offense is still ongoing in that instance.
If we truly take privacy seriously then this should be treated like a crime. If I had something that scammed people in Europe and then holidayed in Europe I'd expect to risk arrest. Or is that somehow less important than violating people's privacy?
* (It's actually technically still illegal but that's a different story). Gedoofd is weird.
Arresting tourists for crimes they did not commit is hostage taking and could be considered an act of war.
The US is willing to prison swap terrorists with Russia, we definitely wouldn’t tolerate some EU country (that we spend billions of dollars defending) arbitrarily arresting tourists so they can hold a foreign company hostage.
Anyway I think you're right that the US would strongarm EU governments in to getting their way (look at privacy shield, etc.) but I still think "you're allowed to continue breaking our laws that affect people in our country while you visit us because it happens to be running on a computer you left at home" is a weak defence.
We’re talking about xx million dollar dispute between allied countries, it’s not a reasonable method of conflict resolution to start throwing people in cages that work for x company until the EU gets their way.
> what do you mean “did not commit”
It’s standard around the world that employees are not held personally responsible for the crimes of the corporation they work for.
Edit: if we’re talking about an individual US citizen that’s found guilty in the EU, then the EU will go through the extradition process to have them arrested.
This isn't a dispute between the two countries, it's a dispute between the law enforcement of one country, and the people they're accusing of breaking the law from another country.
> It’s standard around the world that employees are not held personally responsible for the crimes of the corporation they work for.
Is it really so simple? Is all that the cartels missing to avoid persecution from the US gov't simply incorporating in their home state? Of course not.
Imagine that offered death by drones. You tell 'em who you want killed and they mail a package containing a drone that pops out and kills the person when it's delivered. Would it be reasonable to say "Yeah we can't arrest anyone from that company when they come to our country because they incorporated in another jurisdiction?"
If the EU wants to arrest someone they can submit an extradition request which the US will approve or deny after reviewing. The EU can also already arrest individuals whom are found to be criminals.
You are suggesting a totally new weapon for EU law enforcement which is to imprison individuals who are not found guilty of a crime because they work for a company that owes the EU money. That sounds a bit insane to me, I think if the EU wants to collect their fine they should find a more diplomatic approach that does not equate to a literal war crime [1]
The flaw in your line of thinking is that it is legal and very common place to arrest people who are suspected of committing a crime.
We're talking about people who have suspected of committing a crime in the EU. Should they step foot in the EU the EU is free to arrest suspects of a crime and they can get their day in court.
I think one day we will look back on this era, and think it is crazy that so much crime was committed in public and caught on video, and yet the government would usually not be able to take any action. They wouldn't be able to figure out who it was, and they wouldn't be able to find the criminal.
One day all of these things will be taken for granted because we will capture more and more video of public spaces, and AI facial recognition will be more accurate than human facial recognition.
>[Clearview Chief Legal Officer] Mulcaire said in his statement that Clearview doesn't fall under EU data protection regulations.
>"Clearview AI does not have a place of business in the Netherlands or the EU, it does not have any customers in the Netherlands or the EU, and does not undertake any activities that would otherwise mean it is subject to the GDPR," he said.
-------------
>The Dutch agency said that building the database and insufficiently informing people whose images appear in the database amounted to serious breaches of the European Union's General Data Protection Regulation, or GDPR.
> "Facial recognition is a highly intrusive technology, that you cannot simply unleash on anyone in the world," DPA chairman Aleid Wolfsen said in a statement.
> "If there is a photo of you on the Internet — and doesn't that apply to all of us? — then you can end up in the database of Clearview and be tracked. This is not a doom scenario from a scary film. Nor is it something that could only be done in China," he said.
-----------------
If you're pulling data from European Citizens from all over the internet, I'd imagine that the EU does get a say (since it's literally data processing of EU citizen data). I'd also expect that the EU could just make one of the other upstream suppliers of Clearview data responsible for enforcement.
Clearview is a perfect example of how to avoid EU-nexus. They don't have any corporate presence, employees, assets, or customers in the EU. They are even careful to only pull photos from US based servers. Because they only do facial matching on photos, they have no idea if someone is or is not an EU citizen.
To seek any sort of judgement or criminal charge against them the EU would need to find an applicable law in the US that covers the activity.
While some people might be upset because GDPR isn't a stick they can use to beat Clearview with, this legal framework is the same that allows you to post material critical of the Chinese government without facing financial penalties or extradition.
Why is the burden of proof on the users? Why shouldn't the burden of proof be on Clearview? They should be required to know that a person is in a place they can legally operate before doing so.
The Netherlands created an intelligence agency called the RIEC deliberately without a human representative so the whole organisation cannot be taken to court. And this organisation actively works against the rights of its citizens with impunity. The attorney general himself even said that their prosecutors can lie in court without being prosecuted for perjury. It’s a joke that this country pretends to be upset with clearview.
Oh, and the prosecutor who lied in court to make his case failed had been previously made lying in court in 2013. Then he didn't loose his job, he was promoted.
And the former head of team interventions, who was joinly responsible for the criminal intervention, was mentioned at the end of each episode of a six part documentary called "De Villamoord" as refusing to answer the documentary maker's questions. The documentary was about 9 innocent people sent to jail on fabricated evidence. So she's being responsible for obstruction of justice before, both of them have. But both of them were just promoted, not fired.
Before being the head of team interventions, she was previously the head of the organised crime unit in Arnheim, which is why her name was mentioned at the end of each episode. And it's why I then further investigated her background to discover those roles and the explanation was to why the case was delayed and how she was then in a position to further obstruct justice. I was interested, because we had had two meetings with her in my efforts to get the absurdly massive harrassment stopped.
It's quite clear that the huge escalation in harrassment that occurred before we started protesting at the town hall that resulted in the government buying the house of my harrasser was an attempt to make me trip up and do something illegal. A futile attempt because I'm simply just not that kind of person, I'm very law abiding.
Almost 30 years ago the Netherlands were caught with their pants down actively participating in criminal activity. The scandal was called "The IRT affaire". At that time the IRT teams were more directly involved with criminal activity as I understand it.
After the big deal that that caused, it looks like they restructured to do the same sort of things but do it all through proxies instead. Plausible deniability. Avoidance of accountability. I expect I'm describing all intelligence agencies here with this, but this was a case of the justice department morphing into an intelligence agency driven thing. So no longer representing justice (or democracy) anymore.
In 2006, the mayor in our council signed the integrated approach to tackeling weed plantages agreement (Convenant, geintegreerde aanpak hennepplantage". The integrated part refers to the proxies (Their partners, like the council) through which they do everything. From that time he was obstructing all attempts from me not to be a victim of harrassment, theft, attacks etc.
Apparently, they are given orders, not explanations, to do things. Plausible deniability. Not very plausible but they would claim the deniability part.
The RIEC isn't just charged with finding evidence to prosecute people. It's also charge with doing "interventions", which are really broadly defined as actions carried out by a group (It's partners, police, council, tax department, mental heath organisation and more) to achieve a certain result. The means by which is left entirely to them.
There are some broad rules, like a cilian cannot be used for obsessive observation for more than a year, without a contract and they are not allowed to commit any crimes. But they harrassed me and my family for more than 10 years (Because I complained and thus in their eyes I deserved it). They don't give a shit about the laws, these are thus just for theater. Every single organisation I approached would not help and not journalist responded. No willingness to print the story.
Sure. Not sure which part you were referring to, but I'll provide both.
Here for example is an article that refers to the fact that the RIEC is not headed by a person (natuurlijke persoon) and hence you can't take it to court:
But it's also helpful to use chatgpt here. Ask it if it is true that the RIEC as organisation cannot be taken to court because it's not headed by a natural person. I've asked that question before and it's answer in the affirmative. Note also, the RIEC has computer systems but asks it's partners, through which it does all it's work, not to put anything into their computers unless it's absolutely necessary for the job. It never is and it cannot be taken to court so it's untouchable.
As to the perjury part, first I'll answer in one way, I filed criminal charges of obstruction of justice against a prosecutor who was the former head of the RIEC who was pretending to prosecute his own asset for stalking merely so that he could make sure that the case did not succeed (because their manner of using this asset was absolutely illegal, they were facilitating illegal activity against people not involved in any criminal activity [collateral damage]). They dismissed the case, I appealed. The appeal went to the attorney general. The attorney general ignored and simply did not comment on any of the evidence and mere responded only to the perjury charge, stating that a prosecutor could not be charged with perjury (meineed), in the sense of artikel bla, bla (The bill for perjury). Suggestioning that the eeds oath (Oath not to lie) that they take when they become a prosecutor is useless.
So here is a link that states that anyone whose job includes a secrecy obligation is exempt from being prosecuted for perjury. They give an "example" of lawyer, but this was just mis-direction at the time, the wording is very broad and in my opinion so broad that it includes everyone in Dutch government.
I have a link to a description and many news articles relating to my battle to get the huge years long harrassment stopped. Including articles as to how I took the police to court and won, also in appeal (5 years later) and found evidence that shows that connection of my harrasser to prosecutor investigations and that the prosecutors office were protecting them.
Note, I never updated that after the failed court case. Mostly because it make's me feel sick reading and confronting all this. 17 years of my life was taken up with it already. 17 years of my life was hijacked by an illegal and immoral and pointless "government intervention". And just because I had the audacity to complain about the harrassment that played out on the driveway I have to cross to get to my home. How dare I?
And I've not been able to hold a single person accountable. None of my official and on-time government complaints were handled. The council simply replied with "no comment" to all of my questions and refused to put this on paper.
The police wouldn't handle my complaint, likewise with the prosecutor's office. If the journalists don't do their jobs and publish articles about injustices, then there is no functional democracy.
The interventions are decided on by a role called "rechercheofficier van justitie" and a role call "hoofd team interventies". When my stalking case went to court, the former head of the RIEC was the prosecutor and the case was delayed, then the former head of team interventies turned up on the board of directors of the court, where influence from behind the scenes could be exerted to make the case fail.
In addition, the assistent to the prosecutor at the time had a role of intervention jurist. Or intervention legal advisor. So the whole lot of them all involved where working together to make sure that case of stalking against their illegal use of a civilian for harrassing someone not involved in criminal activity for more than 10 years would fail. In addition, the papers (The case had a number of news articles associated with it), printed lies from the prosecutor further painting my as an anti-social individual and the judge said in comments to the papers that this case has received enough press attention now. So shutup why don't you.
The civilian that I had filed police reports against for stalking, ending up having his house bought by the government at 200,000 euros loss (Profit to him).
I had more than 600 videos of evidence, the prosecutor could not name a single thing (In a phone call the next day) of anything I had ever done to the harrasser. He refused to submit the evidence and additional, large chunks of evidence "went unexplainably missing" as well.
I researched the hell out of why would a prosecutor deliberately make a case of stalking fail against someone that according to a jurist in the council had consumed more than 1,000,000 euros of money by the authorities over a 10 year period.
> Clearview AI does not have a place of business in the Netherlands or the EU, it does not have any customers in the Netherlands or the EU, and does not undertake any activities that would otherwise mean it is subject to the GDPR
That’s cute. I wonder where all the faces are coming from.
The US and UK governments already claim international jurisdiction in some cases - I hope the EU starts doing to protect their citizens against this sort of thing.
If having a facial recognition system of your citizens is immoral, then maybe the Netherlands government shouldn't have one either? Are the facial recognition systems of the Netherlands auditable? How can anyone be certain that they aren't being abused and used for political persecution?
EU has pretty strong controls on government use of facial recognition (multiple police programs shut down etc) and strong whistle-blower protections to allow people to report them
This is giving a misleading impression. I can see why you are saying it, however it's giving an impression that the Netherlands has high integrity. Read my comments above.
The word infinite here is probably a little out of place. But it's a statement of your feelings so it can well be an accurate reflection of them.
I rarely root for EU’s heavy handed approach to tech regulation. But in this case, I am willing to pick up Pom-poms and cheer for them as loud as I am capable of
“Go eu go. Bankrupt those bastards and jail them all. Go eu go. Give it to them hard”
The full PDF with the investigation results e.a. as sent to clearview: https://www.autoriteitpersoonsgegevens.nl/en/system/files?fi...