UK privacy authority to appeal decision overturning $10 million fine on Clearview AI

Omega Balla
The U.K. Information Commissioner’s Office (ICO) announced Friday that it will seek to overturn a British court’s recent decision to block a £7.5 million (about $10 million) fine levied against Clearview AI

The U.K. Information Commissioner’s Office (ICO) announced Friday that it will seek to overturn a British court’s recent decision to block a £7.5 million (about $10 million) fine levied against Clearview AI, a controversial facial recognition company that sources, stores and sells access to a database of 30 billion face images.

In the October ruling, the British tribunal sided with Clearview, which had appealed the fine, saying that the ICO’s action went “beyond the material scope of the GDPR [General Data Protection Regulation],” a reference to Europe’s tough privacy and security law.

The tribunal in the October decision backed some of ICO’s arguments, but ultimately ruled that Clearview is largely exempt from the GDPR, because only law enforcement agencies outside of the U.K. use the company’s products.

The court also ruled that British privacy regulations do not extend to companies working with law enforcement, saying “their respective criminal law enforcement and national security functions [are] outside the material scope of the Regulations.”

In a statement issued Friday, John Edwards, head of the ICO, said that while he respects the court’s scrutiny, he will “challenge this judgment to clarify whether commercial enterprises profiting from processing digital images of UK people, are entitled to claim they are engaged in ‘law enforcement.’”

Clearview AI had argued that its work in the U.K. was “in support of the public interest
activities of foreign governments and government agencies, in particular in relation to their
national security and criminal law enforcement functions.”

Edwards’s announcement condemned Clearview’s practices and highlighted why he believes he must seek to overturn the court’s decision.

“It is my job to protect the data rights of the people of the United Kingdom and it is my view that there are too many who are being affected by the sheer scale and intrusiveness of Clearview’s mass scraping of personal information,” Edwards said.

Clearview AI praised the court’s decision.

“The Tribunal decision vindicated the common-sense position that Clearview AI has taken all along: Clearview AI is not subject to the ICO’s jurisdiction,” Jack Mulcaire, Clearview AI’s general counsel, said in a prepared statement. “We oppose the ICO’s meritless appeal.”

The ICO’s press release noted that the tribunal hearing the appeal focused on jurisdictional issues, but appeared to substantively side with the ICO that Clearview was “processing personal information, which related to the monitoring of individual’s behavior through the collection of billions of facial images, which were then offered for access and analysis using AI, to foreign subscribers.”

The ICO said it was important that the courts have acknowledged that foreign companies are subject to U.K. data protection laws involving the monitoring of U.K. residents.

“As such, where Clearview provides its services commercially, it will be subject to the ICO’s jurisdiction,” the ICO release said.

Get more insights with the

Recorded Future

Intelligence Cloud.

Learn more.

No previous article

No new articles

Suzanne Smalley is a reporter covering privacy, disinformation and cybersecurity policy for The Record. She was previously a cybersecurity reporter at CyberScoop and Reuters. Earlier in her career Suzanne covered the Boston Police Department for the Boston Globe and two presidential campaign cycles for Newsweek. She lives in Washington with her husband and three children.


Leave a Reply

Your email address will not be published. Required fields are marked *

Previous Post

Remcos, again: Ukrainian agencies targeted in a new spying campaign

Next Post

Russian analysts point finger at China, North Korea over cyber activity

Related Posts

TA558 Hackers Weaponize Images for Wide-Scale Malware Attacks

The threat actor tracked as TA558 has been observed leveraging steganography as an obfuscation technique to deliver a wide range of malware such as Agent Tesla, FormBook, Remcos RAT, LokiBot, GuLoader, Snake Keylogger, and XWorm, among others. "The group made extensive use of steganography by sending VBSs, PowerShell code, as well as RTF documents with an embedded exploit, inside
Read More

Raspberry Robin Malware Upgrades with Discord Spread and New Exploits

The operators of Raspberry Robin are now using two new one-day exploits to achieve local privilege escalation, even as the malware continues to be refined and improved to make it stealthier than before. This means that "Raspberry Robin has access to an exploit seller or its authors develop the exploits themselves in a short period of time," Check Point said in a report this
Read More