Clearview AI wins appeal to overturn $10 million UK privacy fine
Clearview AI, the technology firm that has garnered notoriety and government restrictions for its facial recognition software, won an appeal to overturn a penalty issued by the United Kingdom’s privacy watchdog last year.
The Information Commissioner’s Office (ICO) issued a formal enforcement notice against the company in May 2022 for unlawfully storing facial images. The ICO ordered the company to pay a £7.5 million fine (about $10 million) and delete information it had on U.K. citizens.
In a ruling issued Tuesday, a tribunal sided with Clearview AI, which had appealed the sanction. “Although the processing undertaken by [the ICO] was related to the monitoring of data subjects’ behaviour in the United Kingdom, the processing is beyond the material scope of the GDPR [General Data Protection Regulation],” the tribunal said, referring to the comprehensive privacy regulation that governs how companies handle and store data in much of Europe.
Although the tribunal agreed with some of the ICO’s arguments, the company was essentially deemed to be exempt from GDPR because it’s used only by law enforcement authorities outside the U.K.
“The Service is not currently used by clients in the UK nor in the EU,” according to the ruling, adding that Clearview AI’s customers include clients in the U.S., Panama, Brazil, Mexico, and the Dominican Republic. “Investigators in one country may be interested in behaviour happening in another country as criminal activity is not limited by national boundaries.”
A spokesperson for the ICO said the office “will take stock of the judgment and carefully consider next steps.
“It is important to note that this judgment does not remove the ICO’s ability to act against companies based internationally who process data of people in the UK, particularly businesses scraping data of people in the UK, and instead covers a specific exemption around foreign law enforcement.”
Clearview AI did not respond to a request for comment.
The U.K. fine is just one of several enforcement actions and lawsuits brought against Clearview AI in recent years. Last July, the company was fined $20 million and banned from processing biometric data in Greece over GDPR violations. Similar fines have been imposed by regulators in France and Italy. The UK’s GDPR is distinct from the EU’s regulation, though it is based on the same framework.
The company also reached a settlement last year with the American Civil Liberties Union and several other plaintiffs that essentially banned Clearview AI from selling its database to private business or individuals anywhere in the U.S.
"We're very happy to reach a settlement and then move on and we think that there's other great applications of this technology that we'll be able to show over time,” Hoan Ton-That, the company’s chief executive, said in an interview with Click Here.
Suzanne Smalley and Alexander Martin contributed to this report.
is the founding editor-in-chief of The Record from Recorded Future News. He previously was the cybersecurity and privacy reporter for Protocol, and prior to that covered cybersecurity, AI, and other emerging technology for The Wall Street Journal.