The U.K. Information Commissioner’s Office (ICO) announced Friday that it will seek to overturn a British court’s recent decision to block a £7.5 million (about $10 million) fine levied against Clearview AI, a controversial facial recognition company that sources, stores and sells access to a database of 30 billion face images.
In the October ruling, the British tribunal sided with Clearview, which had appealed the fine, saying that the ICO’s action went “beyond the material scope of the GDPR [General Data Protection Regulation],” a reference to Europe’s tough privacy and security law.
The tribunal in the October decision backed some of ICO’s arguments, but ultimately ruled that Clearview is largely exempt from the GDPR, because only law enforcement agencies outside of the U.K. use the company’s products.
The court also ruled that British privacy regulations do not extend to companies working with law enforcement, saying “their respective criminal law enforcement and national security functions [are] outside the material scope of the Regulations.”
In a statement issued Friday, John Edwards, head of the ICO, said that while he respects the court’s scrutiny, he will “challenge this judgment to clarify whether commercial enterprises profiting from processing digital images of UK people, are entitled to claim they are engaged in ‘law enforcement.’”
Clearview AI had argued that its work in the U.K. was “in support of the public interest
activities of foreign governments and government agencies, in particular in relation to their
national security and criminal law enforcement functions.”
Edwards’s announcement condemned Clearview’s practices and highlighted why he believes he must seek to overturn the court’s decision.
“It is my job to protect the data rights of the people of the United Kingdom and it is my view that there are too many who are being affected by the sheer scale and intrusiveness of Clearview’s mass scraping of personal information,” Edwards said.
Clearview AI praised the court’s decision.
“The Tribunal decision vindicated the common-sense position that Clearview AI has taken all along: Clearview AI is not subject to the ICO’s jurisdiction,” Jack Mulcaire, Clearview AI’s general counsel, said in a prepared statement. “We oppose the ICO’s meritless appeal.”
The ICO’s press release noted that the tribunal hearing the appeal focused on jurisdictional issues, but appeared to substantively side with the ICO that Clearview was “processing personal information, which related to the monitoring of individual’s behavior through the collection of billions of facial images, which were then offered for access and analysis using AI, to foreign subscribers.”
The ICO said it was important that the courts have acknowledged that foreign companies are subject to U.K. data protection laws involving the monitoring of U.K. residents.
“As such, where Clearview provides its services commercially, it will be subject to the ICO’s jurisdiction,” the ICO release said.
Recorded Future
Intelligence Cloud.
No previous article
No new articles
Suzanne Smalley is a reporter covering privacy, disinformation and cybersecurity policy for The Record. She was previously a cybersecurity reporter at CyberScoop and Reuters. Earlier in her career Suzanne covered the Boston Police Department for the Boston Globe and two presidential campaign cycles for Newsweek. She lives in Washington with her husband and three children.
