The full PDF with the investigation results e.a. as sent to clearview: https://www.autoriteitpersoonsgegevens.nl/en/system/files?fi...
> The Dutch agency said that building the database and insufficiently informing people whose images appear in the database amounted to serious breaches of the European Union's General Data Protection Regulation, or GDPR.
what limits do we place on countries randomly being able to make supranational claims like this? do you want every online business checking the passport of their customer? because sure this case is fine but its a pretty dangerous precedent to accept without limits. for all its good intentions, GDPR has also resulted in cookie banner spam on the rest of us.
as with all government power - u may be fine when its used against things you dont like, but try to imagine when its used to against things you do...
Even the fine itself is a bit problematic because it looks like unenforceable as they don't operate in the EU thus not subject to EU law.
However if it were to be discovered that the user images where not only retrieved by scrapping publicly available information, but involved data brokerage or other forms of personal information selling all those involved throughout that chain could be fined.
One day all of these things will be taken for granted because we will capture more and more video of public spaces, and AI facial recognition will be more accurate than human facial recognition.
>[Clearview Chief Legal Officer] Mulcaire said in his statement that Clearview doesn't fall under EU data protection regulations.
>"Clearview AI does not have a place of business in the Netherlands or the EU, it does not have any customers in the Netherlands or the EU, and does not undertake any activities that would otherwise mean it is subject to the GDPR," he said.
-------------
>The Dutch agency said that building the database and insufficiently informing people whose images appear in the database amounted to serious breaches of the European Union's General Data Protection Regulation, or GDPR.
> "Facial recognition is a highly intrusive technology, that you cannot simply unleash on anyone in the world," DPA chairman Aleid Wolfsen said in a statement.
> "If there is a photo of you on the Internet — and doesn't that apply to all of us? — then you can end up in the database of Clearview and be tracked. This is not a doom scenario from a scary film. Nor is it something that could only be done in China," he said.
-----------------
If you're pulling data from European Citizens from all over the internet, I'd imagine that the EU does get a say (since it's literally data processing of EU citizen data). I'd also expect that the EU could just make one of the other upstream suppliers of Clearview data responsible for enforcement.
To seek any sort of judgement or criminal charge against them the EU would need to find an applicable law in the US that covers the activity.
While some people might be upset because GDPR isn't a stick they can use to beat Clearview with, this legal framework is the same that allows you to post material critical of the Chinese government without facing financial penalties or extradition.
That’s cute. I wonder where all the faces are coming from.
The word infinite here is probably a little out of place. But it's a statement of your feelings so it can well be an accurate reflection of them.
“Go eu go. Bankrupt those bastards and jail them all. Go eu go. Give it to them hard”
The only negative that really jumps out to me are cookie consent banners, but those are more malicious compliance than the fault of the EU.
Well, you can vote for politicians that align with your values. The American replies: you can vote with your wallet.
I'd like to see a company like Clearview get boycotted away. It has few customers that pays well and the citizens that they subject to violations are not their customers and have no say.
Also, Re: vote with your wallet. The fact that the richest gets the most ballot papers is not so democratic.
The AI Act (note that this fine was under prior legislation, not the rather new AI Act) bans this except for specified national security purposes, but I'd certainly have preferred to see it ban it entirely.
And the former head of team interventions, who was joinly responsible for the criminal intervention, was mentioned at the end of each episode of a six part documentary called "De Villamoord" as refusing to answer the documentary maker's questions. The documentary was about 9 innocent people sent to jail on fabricated evidence. So she's being responsible for obstruction of justice before, both of them have. But both of them were just promoted, not fired.
Before being the head of team interventions, she was previously the head of the organised crime unit in Arnheim, which is why her name was mentioned at the end of each episode. And it's why I then further investigated her background to discover those roles and the explanation was to why the case was delayed and how she was then in a position to further obstruct justice. I was interested, because we had had two meetings with her in my efforts to get the absurdly massive harrassment stopped.
It's quite clear that the huge escalation in harrassment that occurred before we started protesting at the town hall that resulted in the government buying the house of my harrasser was an attempt to make me trip up and do something illegal. A futile attempt because I'm simply just not that kind of person, I'm very law abiding.
After the big deal that that caused, it looks like they restructured to do the same sort of things but do it all through proxies instead. Plausible deniability. Avoidance of accountability. I expect I'm describing all intelligence agencies here with this, but this was a case of the justice department morphing into an intelligence agency driven thing. So no longer representing justice (or democracy) anymore.
In 2006, the mayor in our council signed the integrated approach to tackeling weed plantages agreement (Convenant, geintegreerde aanpak hennepplantage". The integrated part refers to the proxies (Their partners, like the council) through which they do everything. From that time he was obstructing all attempts from me not to be a victim of harrassment, theft, attacks etc.
Apparently, they are given orders, not explanations, to do things. Plausible deniability. Not very plausible but they would claim the deniability part.
There are some broad rules, like a cilian cannot be used for obsessive observation for more than a year, without a contract and they are not allowed to commit any crimes. But they harrassed me and my family for more than 10 years (Because I complained and thus in their eyes I deserved it). They don't give a shit about the laws, these are thus just for theater. Every single organisation I approached would not help and not journalist responded. No willingness to print the story.
Here for example is an article that refers to the fact that the RIEC is not headed by a person (natuurlijke persoon) and hence you can't take it to court:
https://www.nysingh.nl/blog/inzageverzoek-bij-riec-of-bij-ge...
But it's also helpful to use chatgpt here. Ask it if it is true that the RIEC as organisation cannot be taken to court because it's not headed by a natural person. I've asked that question before and it's answer in the affirmative. Note also, the RIEC has computer systems but asks it's partners, through which it does all it's work, not to put anything into their computers unless it's absolutely necessary for the job. It never is and it cannot be taken to court so it's untouchable.
As to the perjury part, first I'll answer in one way, I filed criminal charges of obstruction of justice against a prosecutor who was the former head of the RIEC who was pretending to prosecute his own asset for stalking merely so that he could make sure that the case did not succeed (because their manner of using this asset was absolutely illegal, they were facilitating illegal activity against people not involved in any criminal activity [collateral damage]). They dismissed the case, I appealed. The appeal went to the attorney general. The attorney general ignored and simply did not comment on any of the evidence and mere responded only to the perjury charge, stating that a prosecutor could not be charged with perjury (meineed), in the sense of artikel bla, bla (The bill for perjury). Suggestioning that the eeds oath (Oath not to lie) that they take when they become a prosecutor is useless.
So here is a link that states that anyone whose job includes a secrecy obligation is exempt from being prosecuted for perjury. They give an "example" of lawyer, but this was just mis-direction at the time, the wording is very broad and in my opinion so broad that it includes everyone in Dutch government.
https://www.judex.nl/rechtsgebied/strafrecht/columns/10-vrag...
And if not, then the attorney general told me in a letter, I just don't have that online.
https://hydracontrolfreak.com/socialhistory/socialhistory.ht...
The link is here:
https://hydracontrolfreak.com/geschiedenis/geschiedenis.htm
Note, I never updated that after the failed court case. Mostly because it make's me feel sick reading and confronting all this. 17 years of my life was taken up with it already. 17 years of my life was hijacked by an illegal and immoral and pointless "government intervention". And just because I had the audacity to complain about the harrassment that played out on the driveway I have to cross to get to my home. How dare I?
And I've not been able to hold a single person accountable. None of my official and on-time government complaints were handled. The council simply replied with "no comment" to all of my questions and refused to put this on paper.
The police wouldn't handle my complaint, likewise with the prosecutor's office. If the journalists don't do their jobs and publish articles about injustices, then there is no functional democracy.
In addition, the assistent to the prosecutor at the time had a role of intervention jurist. Or intervention legal advisor. So the whole lot of them all involved where working together to make sure that case of stalking against their illegal use of a civilian for harrassing someone not involved in criminal activity for more than 10 years would fail. In addition, the papers (The case had a number of news articles associated with it), printed lies from the prosecutor further painting my as an anti-social individual and the judge said in comments to the papers that this case has received enough press attention now. So shutup why don't you.
The civilian that I had filed police reports against for stalking, ending up having his house bought by the government at 200,000 euros loss (Profit to him).
I had more than 600 videos of evidence, the prosecutor could not name a single thing (In a phone call the next day) of anything I had ever done to the harrasser. He refused to submit the evidence and additional, large chunks of evidence "went unexplainably missing" as well.
I researched the hell out of why would a prosecutor deliberately make a case of stalking fail against someone that according to a jurist in the council had consumed more than 1,000,000 euros of money by the authorities over a 10 year period.
Is the business selling to a EU citizen? If so they have to deal with the rights that citizen has.
If a company in some fictitious jurisdiction where fraud is not a crime defrauds an American citizen, should they not face American justice for it? It might be they don't have legal representation in the USA but that shouldn't stop an American citizen on bringing the issue to authorities to deal with.
It's not random, if you make business with someone in the EU or deal with the information of someone in the EU then you need to follow EU's regulations. Can't do that? Don't deal with EU's citizens data or business, it's pretty simple.
I really don't think this is a hard concept to grasp.
Imagine the reverse, if China was fining European companies for not censoring CCP-offensive terms on the internet. Or America was fining them for dealing with US-blocklisted entities like Iran.
The data pertain to EU's citizens, that is covered under the GDPR, if your business deal with private data from EU's citizens you are under the GDPR even if you don't operate in the EU (such as the case of Clearview). Of course, without an office/representation in the EU it's impossible for the EU to collect the fines and apply other punishments, still the business will be judged under the terms of the GDPR in the EU.
It's the business of the EU since the data is from EU's citizens. Like I mentioned before, if a business was defrauding people (i.e.: identity theft) in the USA while operating outside of the USA, the American justice system has all the prerogative to defend its citizens rights even if it wasn't possible to stop the operation, collect fines, etc. There would be an investigation, there would be a prosecution and eventual punishment. Depending on how egregious the rights violating behaviour was it could escalate into the international sphere.
It's the same case here, Clearview AI is processing private data from EU's citizens even if outside of the EU it is against EU laws.
> Or America was fining them for dealing with US-blocklisted entities like Iran.
The USA does punish companies outside of the USA for dealing with US-blocklisted entities, how the hell do you think sanctions work? Why do you think most of the world avoid dealing with Iran, North Korea, etc.?
Clearview has been targeted before by other DPAs in the EU [0][1][2][3][4].
[0] https://www.edpb.europa.eu/news/national-news/2022/french-sa...
[1] https://www.edpb.europa.eu/news/national-news/2022/facial-re...
[2] https://noyb.eu/sites/default/files/2021-01/545_2020_Anh%C3%...
[3] https://www.imy.se/globalassets/dokument/beslut/beslut-tills...
[4] https://www.edpb.europa.eu/news/national-news/2023/decision-...
How would you know if they have no customers here, do you think their intelligence services would tell you ? In the past the head of Dutch intelligence lied to the government about mass surveillance. Even if it was true, guaranteed they would simple send their photos to American counterparts to run.
This is just democracy theatre in reality.
Randomly? EU or other nations act because their citizens have their rights violated. I assume Clearview has collected Dutch faces en masse and thereby violated laws.
Obey by GDPR or don't deal with the data of EU citizens.
Off the top of my head it telling that someone is a criminal when they aren't and ruining their lives
Sure, but as with a lot of this stuff, this allows that to be done _at scale_. "[bad thing] happens anyway" isn't a great argument against "we should ban this thing where [bad thing] is likely to happen at massive frequency".
As for the rest of your argument, even if we take as a given that there is cases where facial recognition could be helpful, I'd say that if a company can't be trusted not to illegally develop their products it can hardly be trusted to respect strict standards when their products are in use
Don't expect anyone here to understand that though.
On the one hand, yes, each nation can stick to their lane. Who is to say their rules and culture and regulations are "correct". Undefined. That another nation may well believe themselves to be the correct one. Under that principle it's wrong to go nosing about other nations. The example of CCCChinaCCCP's arm reaching out censorship wise was made here.
On the flipside, the defending of one's nation's citizens against foreign obnoxiousness is well reasonable. For example, if USA did a better job defending against scammers from India, I think we'd all be happier for it. Now, is India right/correct in believing spam calling is a god given human right to be embedded into their own bill of rights? I don't know, but what I do know is US citizens would be happier if US defended there interests here, as the EU is doing for his citizens.
This is also not like some stupid patent dispute or DMA compliance argument. These employees are directly responsible for stockpiling personal identities of millions of people for the express purposes of making the surveillance efforts of their government easier. That's a very political action, which is directly aggressive against a country's citizens, and they should feel that.
You can break your home country's laws when you go abroad and it's usually OK. You can smoke cannabis when you visit the Netherlands* from Ireland, for instance, and go back home to Ireland without worry.
Violating GDPR is illegal. It's acceptable to arrest people who do things that are against the law. And if, say, I write a lambda that runs hourly and violates the GDPR from my home in California, and then take a holiday to the Netherlands while the lambda is still running, should I be immune from arrest? The offense is still ongoing in that instance.
If we truly take privacy seriously then this should be treated like a crime. If I had something that scammed people in Europe and then holidayed in Europe I'd expect to risk arrest. Or is that somehow less important than violating people's privacy?
* (It's actually technically still illegal but that's a different story). Gedoofd is weird.
The US is willing to prison swap terrorists with Russia, we definitely wouldn’t tolerate some EU country (that we spend billions of dollars defending) arbitrarily arresting tourists so they can hold a foreign company hostage.
Anyway I think you're right that the US would strongarm EU governments in to getting their way (look at privacy shield, etc.) but I still think "you're allowed to continue breaking our laws that affect people in our country while you visit us because it happens to be running on a computer you left at home" is a weak defence.
"Assistant Chief of Police of Miami, Armando Aguilar, said in 2023 that Clearview's AI tool had contributed to the resolution of several murder cases, and that his team had used the technology around 450 times a year. Aguilar emphasized that they do not make arrests based on Clearview's matches alone, and instead use the data as a lead and then proceed via conventional methods of case investigation"
If there was a way to read every person's thoughts in public spaces to deal with crime, so that you could know exactly who is guilty of a crime, or preparing to commit a crime beforehand, would that be a technology you'd support?
Data privacy is important, our collective rights are more important than helping the police to increase their rate of solving crimes.
>Sure, but as with a lot of this stuff, this allows that to be done _at scale_.
EXACTLY. The US wastes over 8 billion dollars a year inefficiently ruining peoples' lives and burning tax dollars. With the advent of facial recognition AI software, we can ruin lives 90% more efficiently at three times the scale!
In other words you would be fine with Canada arresting employees of Clearview if they tried to enter the country after Canada deemed them profiting members of an organization that was breaking the law in Canada?
> what do you mean “did not commit”
It’s standard around the world that employees are not held personally responsible for the crimes of the corporation they work for.
Edit: if we’re talking about an individual US citizen that’s found guilty in the EU, then the EU will go through the extradition process to have them arrested.
> It’s standard around the world that employees are not held personally responsible for the crimes of the corporation they work for.
Is it really so simple? Is all that the cartels missing to avoid persecution from the US gov't simply incorporating in their home state? Of course not.
Imagine that offered death by drones. You tell 'em who you want killed and they mail a package containing a drone that pops out and kills the person when it's delivered. Would it be reasonable to say "Yeah we can't arrest anyone from that company when they come to our country because they incorporated in another jurisdiction?"
You are suggesting a totally new weapon for EU law enforcement which is to imprison individuals who are not found guilty of a crime because they work for a company that owes the EU money. That sounds a bit insane to me, I think if the EU wants to collect their fine they should find a more diplomatic approach that does not equate to a literal war crime [1]
We're talking about people who have suspected of committing a crime in the EU. Should they step foot in the EU the EU is free to arrest suspects of a crime and they can get their day in court.
If I go to Saudi Arabia after having called for their leader to be executed on X for his treatment of women, yeah, probably not a good idea to go.
If I go to Iran after saying Khamenei deserves a rocket to his mansion, yeah, probably not a good idea to go.
If I go to Europe after having run a multi-million dollar scheme affecting European countries by white-labelling services from North Korea (legal in Brazil), and I'm a Brazilian citizen and know Brazil almost never extradites, yeah, probably not a good idea to go.
If I go to the US with my two 12 year old brides from Niger, yeah, probably not a good idea to go.
You're proposing an alternative where people can just commit crimes with no recourse from the victims simply because a border exists somewhere and they commit the crimes on one side of the border.
Would you expect it to be reasonable for Canadian citizens to be shooting at Americans on the border and it unreasonable for American authorities to arrest them if they came to America?
Physical violence is incomparable to working at a company that did something that would be illegal in a certain jurisdiction. Should the person maintaining Clearview's website be arrested in the EU simply because they work there?
Why isn't violent crime comparable to stalking crime? Why is it socially acceptable to hoard personal information about someone and pictures of them as long as someone does it under the auspices of a business but it's creepy and weird to do it as a lone-wolf stalker type? Maybe they're both terrible and creepy business models and the EU is right to prosecute anyone who does it, articles of incorporation or not.