Noyb, the Austrian privacy rights group, announced on Tuesday that it has filed a criminal complaint against Clearview AI. The legal filings allege that Clearview AI has been illegally collecting the images and videos of European Union residents, violating GDPR.

According to noyb, Clearview’s actions breach both civil and criminal provisions under Austrian law, meaning its company executives could face personal legal consequences, including potential jail time.

Austrian privacy group files criminal complaint against Clearview

An Austrian privacy rights group, noyb, announced on Tuesday that it has filed a criminal complaint against Clearview AI, accusing the U.S.-based facial recognition company of illegally collecting and processing images and videos of European Union residents.

The group alleges that Clearview’s vast biometric database, which was built by scraping publicly available images from websites and social media platforms, violates the EU’s General Data Protection Regulation (GDPR).

“Clearview AI amassed a global database of photos and biometric data, which makes it possible to identify people within seconds,” Max Schrems, noyb’s founder and a well-known privacy advocate, said. “Such power is extremely concerning and undermines the idea of a free society, where surveillance is the exception instead of the rule.”

Schrems previously led two landmark cases that struck down transatlantic data-transfer agreements between the EU and the U.S.

He said that Clearview’s continued disregard for EU rulings and unpaid fines is due to regulators struggling to enforce sanctions or collect penalties.

AI firm faces multiple GDPR battles across Europe

Clearview AI, which mainly markets its 60-billion-image database for facial-recognition tools to law enforcement agencies, has long defended its practices, claiming that it only gathers publicly available data.

However, authorities in France, Greece, Italy, and the Netherlands have found Clearview in violation of GDPR for scraping and storing the biometric data of millions of EU citizens without consent. Together, these countries have imposed nearly €100 million ($116.62 million) in fines.

Clearview also faced a U.S. class-action lawsuit, which was settled in March over similar accusations of unauthorized data scraping.

In the United Kingdom, Clearview is currently contesting a £7.5 million fine issued by the UK’s Information Commissioner’s Office (ICO). The company argues that the UK’s GDPR does not apply because its services are provided only to foreign law enforcement agencies and the company operates outside British jurisdiction.

In October, a UK court dismissed Clearview’s first appeal, ruling that its facial-recognition system does indeed fall under the jurisdiction of the UK GDPR because clients use it to identify individuals and analyze behavior. The case is now set to return to a lower tribunal, although Clearview still has the option to seek permission to appeal the jurisdiction ruling.

Clearview has maintained in previous statements that its technology operates within legal boundaries. Still, critics argue that the company’s technology poses major risks to privacy and civil liberties because it enables mass surveillance without oversight or consent.

Sign up to Bybit and start trading with $30,050 in welcome gifts