In a blow to Britain’s goal to become an AI powerhouse and regulator, a judge has ruled that its top privacy regulator has no power to sanction and American based AI firm. The firm named Clearview AI harvested a vast number of personal photos for its facial recognition software without users’ consent.
The case stemmed from a New York Times report from 2020, that Clearview AI had harvested billions of social media images without users’ consent. After the scandal broke, Clearview then pulled out from the UK and several European markets.
The Information Commissioner’s office (ICO) took action in 2022 against Clearview, alleging that the company had unlawfully collected British data for behaviour-monitoring purposes. It slapped Clearview with a £7.5 million fine and ordered it to delete the data of UK residents.
However, it is not clear whether Clearview ever did delete those images especially as lawyers for the company have pointed out it was under no obligation to, until its appeal was determined.
The judgement which came from a three person tribunal agreed with Clearview’s assertion that the ICO lacked jurisdiction as the data was processed on behalf of foreign governments.
Had the data processing been for commercial purposes, it is possible that the result may have been different, or if UK law enforcement had made use of the data, then perhaps it would have been different.
Instead, as it was used on behalf of foreign governments in an area that is outside EU law, normal GDPR principles do not apply.
However, the judges were keen to point out that this does not prevent the ICO from acting against companies based internationally who process UK citizens’ data. Particularly businesses scraping UK citizens data. It only covers a specific exemption around foreign law enforcement.
Still, this might well be a blow for Britain as it looks to take the lead in the regulation and development of AI.
Vivek Rajkhowa 
Leave a comment