UK Court Blocks UK ICO Fine and Enforcement Against Clearview

by Olivia R. Lee and Sarah Pearce

From left to right: Olivia R. Lee and Sarah Pearce. (Photos courtesy of Hunton Andrews Kurth LLP)

On October 17, 2023, The First-tier Tribunal of the UK General Regulatory Chamber allowed an appeal by Clearview AI Inc (“Clearview”) against an enforcement notice and fine issued by the UK’s Information Commissioner’s Office (“ICO”).

On May 18, 2022, the ICO issued an enforcement notice requiring that Clearview delete the personal data of UK individuals collected through the use of its facial recognition technology and held in its database (the “Notice”), as well as a fine of £7.5 million, alleging several violations under the EU and UK General Data Protection Regulations (“GDPR”). Clearview appealed the Notice and fine, disputing that it had infringed the GDPR, and that the ICO had jurisdiction to issue the Notice and fine. Among other submissions, Clearview, which is based in the U.S. and does not (and did not, at the time of the alleged infringements) have an establishment in the EU or UK for GDPR purposes, asserted that it was a foreign company acting on behalf of foreign law enforcement and therefore its processing fell outside of the scope of Article 2 of the EU GDPR and Article 3 of the UK GDPR.

The judge allowed the appeal, stating that although the processing did constitute monitoring of individuals in the UK for GDPR purposes, the processing was outside of the scope of the GDPR. The judge accepted Clearview’s submissions that its services are only provided to non-UK/EU law enforcement or national security bodies and their contractors, and confirmed that the activities of foreign governments fall outside the scope of both the EU and UK GDPR, since one government is not able to bind or control the activities of another sovereign state.

Olivia R. Lee is an Associate and Sarah Pearce is a Partner at Hunton Andrews Kurth LLP. This post was originally published on the firm’s blog.

The views, opinions and positions expressed within all posts are those of the author(s) alone and do not represent those of the Program on Corporate Compliance and Enforcement (PCCE) or of the New York University School of Law. PCCE makes no representations as to the accuracy, completeness and validity or any statements made on this site and will not be liable any errors, omissions or representations. The copyright or this content belongs to the author(s) and any liability with regards to infringement of intellectual property rights remains with the author(s).

Share this post:

Share on PinterestShare on LinkedInShare on Reddit