In the UK this week, a judge has allowed the appeal of facial recognition specialist Clearview AI against an enforcement notice and fine issued last year by the Information Commissioner. Clearview successfully argued that it was not subject to the GDPR.
Almost two years ago, privacy body the ICO said it planned to impose a potential fine of just over £17m on Clearview AI, for using images of people in the UK, and elsewhere, collected from the web and social media to create a global online database. It issued an immediate notice to stop the company further processing UK citizens' personal data, and six months later settled the amount of the fine at £7.5m. At the time Information Commissioner John Edwards (pictured) said: 'Clearview AI not only enables identification of people, but effectively monitors their behaviour and offers it as a commercial service. That is unacceptable. That is why we have acted to protect people in the UK by both fining the company and issuing an enforcement notice'.
On Tuesday this week, however, the First-tier Tribunal of the UK General Regulatory Chamber accepted Clearview's argument that as a company based in the US without an establishment in the EU or UK, and acting on behalf of foreign law enforcement authorities, its processing fell outside of the scope of Article 2 of the EU GDPR and Article 3 of the UK's equivalent. As detailed on www.huntonprivacyblog.com , the judge confirmed that the activities of foreign governments fall outside the scope of both the EU and UK GDPR, since one government is not able to bind or control the activities of another sovereign state.
Web sites: www.ico.org and www.clearview.ai .
All articles 2006-23 written and edited by Mel Crowther and/or Nick Thomas unless otherwise stated.