Clearview AI, a U.S. surveillance and facial recognition company, has emerged victorious in a UK court appeal regarding alleged breaches of the UK's General Data Protection Regulation (GDPR). This development follows Clearview AI's initial fine of nearly $10 million in May 2022 for violations of the UK GDPR. The recent decision will quash the fine unless the UK Information Commissioner's Office (ICO) opts to further appeal the ruling.
The UK court bench, led by Justice Lynn Griffin, determined that Clearview AI ("CV") had breached the GDPR due to jurisdictional limitations on the application of the GDPR to foreign entities. The court documents, published on October 17. make it clear that the question of whether CV breached provisions of the GDPR or the UK GDPR was not the subject under consideration. It is implied that this aspect would be addressed in any substantive hearing if the case progresses.
The court documents state that CV, being a foreign company providing services to foreign customers and conducting activities that are directed outside the UK, falls outside the scope of the UK ICO's authority to provide GDPR protection to its citizens. Essentially, this appeal decision sets a legal precedent indicating that the UK court system's enforcement of the GDPR is limited to companies falling strictly under UK jurisdiction. In contrast, Clearview AI has faced legal actions and fines through the EU GDPR in multiple European countries, including France, Italy, and Greece.
Clearview AI's software and services have drawn ongoing accusations of violating civil rights and privacy protections in the United States. Nevertheless, the company's close connections to law enforcement have granted it a level of protection consistent with U.S. efforts to counter unwarranted surveillance, despite concerns about its alignment with the Fourth Amendment to the U.S. Constitution. Consequently, removing one's data from Clearview AI's datasets has been nearly impossible for most individuals.
Clearview AI's privacy policy outlines that only residents of certain states, including California, Colorado, Connecticut, Illinois, and Virginia, have the option to submit requests for consumer access, opt-out, and deletion of their data. For those in other areas, there was no clear mechanism to have their data removed from Clearview AI's systems. The same privacy policy also indicates that Clearview AI may have sold personal information, such as facial vectors and photos, to law enforcement agencies, government entities, and their authorized contractors, as well as to security and national security professionals.
In order to opt out, residents of the specified U.S. states are required to provide a headshot photo, verify government-issued identification, and furnish any additional information requested by the company for their removal request to be reviewed.
