No action taken against PimEyes: noyb lawsuit against Hamburg DPA
Privacy advocacy group noyb has sued the Hamburg data protection authority for failing to act against PimEyes, a facial recognition search engine that scrapes biometric data from the internet to build a searchable database of faces. The Hamburg DPA acknowledges the service appears to violate EU law but has declined to pursue enforcement, citing the company's apparent base in Dubai.
Why this matters: PimEyes lets anyone upload a photo of a person and find other images of them across the web. That is a serious tool for stalkers, abusers, and anyone else who wants to track someone without their knowledge. The Hamburg DPA agrees this looks illegal. It is just not doing anything about it. 'We think it's a problem but the company is overseas' is not an enforcement position. It is a gap that leaves real people exposed. noyb is essentially suing a regulator for sitting on its hands, which is a test of whether EU privacy law means anything when enforcement gets inconvenient.
Who should care: Lawyers · Privacy officers · Compliance · AI governance · Cybersecurity · General readers · Policy
This summary is AI-assisted and may contain errors. It is an original briefing to help you gauge significance quickly — not a reproduction of the source. Always read the linked original before relying on it. See our methodology.