The head of France’s data privacy said on Wednesday she was considering triggering the process of fining US-based Clearview AI, a facial recognition company the regulator had ordered to stop amassing data from people based in the country.
The start of a formal penalty process would indicate that CNIL suspected Clearview of failing to comply with its order within the two-month deadline it had set.
“I am seriously thinking about it,” Marie-Laure Denis said, after presenting CNIL’s annual report.
In a formal demand disclosed last December, the regulator said Clearview’s collection of publicly-available facial images on social media and the internet breached European Union rules on data privacy, known as GDPR.
Under EU law, the regulatory framework of the GDPR can apply in some cases where data of EU-based users of internet services are tracked and processed, even if the provider has no physical presence inside the bloc.
CNIL said in December that the software company, which is used as a search engine for faces to help law enforcement and intelligence agencies in their investigations, failed to ask for the prior consent of those whose images it collected online.
Denis did not elaborate on the extent of the potential fine that the regulator could issue.
Clearview agreed earlier this week to restrictions on how businesses can use its database of billions of facial images, to resolve a US lawsuit that accused it of collecting people’s photos without permission.
Critics of Clearview AI have said its technology violated people’s privacy. The company has said blocking it from using publicly-available images amounted to censorship.
Want more news? Subscribe to CPI’s free daily newsletter for more headlines and updates on antitrust developments around the world.