The European Data Protection Board Tackles Issues Familiar to the U.S. Privacy Watchers

The European Data Protection Board (EDPB) is an independent European body which contributes to the consistent application of data protection rules throughout the European Union and promotes cooperation between the EU’s data protection authorities.   During its recent plenary session, the EDPB addressed privacy issues surrounding TikTok and Clearview AI, two companies which are very familiar to the privacy watchers in the United States.

The EDPB announced a decision to establish a task force to coordinate potential actions and to acquire a more comprehensive overview of a video-sharing service TikTok’s processing and practices across the European Union.

Last year, the U.S. Federal Trade Commission entered into a consent order with Musical.ly (which subsequently merged into TikTok) where the company agreed to pay $5.7 million to settle allegations of the alleged Children’s Online Privacy Protection Act violations. As we recently reported, the U.S. lawmakers are now urging the FTC to open an investigation into allegations that TikTok violated the consent order.

In a letter submitted to the European Parliament in November, Parliament Member Moritz Korner cited the FTC’s fine against TikTok and inquired whether the European Commission had been in touch with the EDPB over TikTok’s potential security risks.  The EDPB established a task force in response to the concerns raised in that letter.

The EDPB also expressed doubts whether any European Union or Member State law provides a legal basis for using a facial recognition service offered by the New York-based Clearview AI.  Clearview scrapes billions of publicly available images of individuals from the internet without their knowledge or consent. Clearview’s customers, including law enforcement and private businesses, use the company’s database to search for persons of interest using their images.

The EDBP concluded that “the lawfulness of such use by EU law enforcement authorities cannot be ascertained” and that it is “likely not .  .  . consistent with the EU data protection regime.”

As we recently reported, Clearview AI has been in hot legal waters in the United States over its alleged privacy violations.   The ACLU recently filed a lawsuit asserting that the company’s technology violates the Illinois Biometric Information Privacy Act and the Vermont Attorney General charged it with violating the state’s consumer protection and data broker statutes.  In addition, the New Jersey Attorney General barred state police from using the company’s product.

The decisions by the EDPB is a stark reminder that in a digital universe, privacy issues are not confined to the physical borders.  Companies should be mindful that their privacy practices might run afoul of regulations in multiple jurisdiction potentially multiplying their exposure and penalties.

 Ask Clarip today how we can solve your biggest privacy compliance pain points, Call Clarip at 1-888-252-5653