GuiGui's Show

While the authority considers the practices of the facial recognition search engine PimEyes to be illegal, it refuses to take effective action because the company seems to be based in Dubai. PimEyes systematically extracts biometric data from images on the internet and uses it to build up a database. Users can upload photos of people to this website to find further images of the same person via facial recognition. The claimant had originally filed a complaint against PimEyes with the Hamburg DPA in July 2020.

[…] In this respect, PimEyes operates in a similar way to the US company Clearview AI, which has already incurred fines running into millions due to its GDPR violations.

[…]

Throughout the five years of the proceedings, PimEyes claims to have been based in Poland, the Seychelles and Belize – yet the Hamburg authorities apparently never verified whether the changing locations on the website were in fact accurate. Now, however, they are being used as a justification for taking no action.

[…]

[…] The claimant believes that the Hamburg Data Protection Authority should take effective action against PimEyes, which is also possible in the case of data controllers from third countries. This could involve freezing funds in Europe, requiring PimEyes’ service providers to delete data, or imposing measures directly against the Georgian managing director. Should the lawsuit be successful, the authority would have to reconsider the original complaint and would likely have to take measures that provide effective relief.

Years of waiting for an “information letter”.

Comme quoi, y a pas que la CNIL. Branlette générale avec le pognon des citoyens.

La France n'a jamais recouvré l'amende (et l'astreinte) imposée par la CNIL à Clearview en 2022-2023 (source, page 41)