Clearview AI, a New York company that scraped billions of photos from the public internet to build a facial recognition app used by thousands of U.S. law enforcement agencies, will not have to pay a fine of 7.5 million pounds, or $9.1 million, issued by Britain’s chief data protection agency. A British appeals court ruled this week that the agency does not have jurisdiction over how foreign law enforcement agencies use British citizens’ data.
Why It Matters
Regulators in Australia, Canada and Europe have found that Clearview AI’s collection of their citizens’ data without consent, including from social media sites like Facebook, Instagram and LinkedIn, violated their countries’ privacy laws and ordered the company to delete their citizens’ photos from its database. In addition to the British fine, data protection agencies in France, Italy and Greece each issued a fine of 20 million euros, or $21 million, against Clearview AI.
The fines are an existential threat for Clearview AI, which has raised just over $38 million from investors, but it may be able to get them overturned on the same grounds it argued in Britain, said James Moss, a London-based partner at Bird & Bird who specializes in data protection.
Jack Mulcaire, a Clearview AI lawyer, said the company was “pleased” with the decision. The Information Commissioner’s Office in Britain said in a statement that the judgment “does not remove the I.C.O.’s ability to act against companies based internationally who process data of people in the U.K., particularly businesses scraping data of people in the U.K.” It noted that this case was “a specific exemption around foreign law enforcement.”
Privacy regulators are concerned about data harvested en masse from the internet. This summer, data protection agencies around the world issued a joint statement warning companies that scrape information from the public internet that the practice could violate privacy laws.