UK tribunal reinstates fine against Clearview AI, clarifies GDPR scope

A 7.5 million-pound (US$10 million) fine levied against Clearview AI by the UK Information Commissioner for violating data privacy regulations by scraping face biometrics from public web pages has been restored on a second appeal.

The Upper Tribunal has found the U.S.-based company’s biometrics processing is related to monitoring UK residents’ behavior, that it does not fall outside the bounds of UK data protection law. The law was incorrectly applied in the first appellate ruling, it says.

The ICO originally issued the fined Clearview for violating UK law with its facial recognition database in 2022.

In October 2023, the First-tier Tribunal ruled that Clearview’s actions fall outside the scope of the EU and UK GDPRs, not territorially but materially. Clearview’s biometrics processing is carried out exclusively in support of foreign governments, making it exempt, the lower tribunal found.

An appeal from the Information Commissioner to the three-judge panel of the Upper Tribunal followed immediately. Privacy International was an official intervener in the appeal. Clearview AI General Counsel Jack Mulcaire described the appeal to Biometric Update in an emailed statement at the time as “meritless.”

More recently, the firm described it as “completely unprincipled” as it divides its legal attention between appeals court in the UK and Canada.

The Upper Tribunal’s decision says that the FTT’s finding that Clearview’s actions “exclusively in furtherance of” government law enforcement or national security functions is “unexplained,” but is also . The lower tribunal’s finding “provides a potential foundation for the FTT’s conclusion that the processing of personal data by Clearview’s clients was ‘in the course of an activity which … fell outside the scope of Union law’, but it does not explain how or why it concluded that Clearview’s own processing was not caught.”

Information Commissioner John Edwards welcomed the clarification of the GDPR’s scope, saying the Upper Tribunal “upheld our ability to protect UK residents from having their data, including images, unlawfully scraped and then used in a global online database without their knowledge.”

“The ruling also gives greater confidence to people in the UK that we can and will act on their behalf, regardless of where the company handling their personal information is based. It is essential that foreign organisations are held accountable when their technologies impact the information rights and freedoms of individuals in the UK.”

Article Topics

biometric data  |  biometrics  |  Clearview AI  |  data protection  |  face biometrics  |  Information Commissioner’s Office (ICO)  |  UK GDPR