Just a correction - consent isnt the only legal basis. Thought it was important to correct you here so others reading the comment wouldn't get the impression that no consent = illegal
Probably because nobody in the EU currently has this company on their screens. Or because those who are critical of this company and its practices have not yet reported it to the relevant authorities.
In Germany not only the GDPR regulation but also the so-called "right to the own picture" applies here.This means that no one may use/sell pictures of a person without explicit consent. Therefore, photographers must also have an explicit release of the person for the respective context of use.
Clearwater did not obtain consent, so the data shouldn't be there in the first place.
Each and every data protection Behörde here in Germany should be investigating this.
Well I would advise everybody to file a complaint to their local DPA. Even if you can oppose the processing, they rely on legitimate interest (doubtful their balancing act is acceptable) and they acquired the data in a legal way, they failed to inform the user of a second-hand data collection[1].
So If they have data on you, that is older than a month, and did not contacted you to inform you of it, you can file a complaint!
Search for how many of those enforcements came from Ireland. Now look up what country's GDPR authority Google and Facebook and most American companies are choosing to be subject to. It's not a coincidence that the place that hosts all US company's remote headquarters isn't participating in GDPR enforcement.
Ireland tried to give a great deal to Apple. The EU didn't take it very well [1]. I wouldn't be surprised if the EU will investigate Irish GDPR enforcement.
I am surprised they haven't been fined out of existence yet.