US-based facial recognition company ClearView won an appeal against the Information Commissioner’s Office (ICO) in the UK. On October 17 the First Tier Tribunal in the UK concluded that the ICO did not have the jurisdiction to issue such a notice because “although the processing undertaken by CV was related to the monitoring of data subjects’ behaviour in the United Kingdom, the processing is beyond the material scope of the GDPR [General Data Protection Regulation],” it said. The GDPR sets out a series of data protection principles for people/companies using personal data in the country. Last year in May, the ICO fined Clearview AI £7,552,800 for using images of people in the UK, and elsewhere, that were collected from the web to create a global online database that could be used for facial recognition. It had also issued an enforcement notice against the company ordering the company to stop obtaining and using the personal data of UK residents that is publicly available on the internet and to delete the data of UK residents from its systems. Some context: ClearView’s facial recognition system is built on a database constructed by scouring through the millions of publicly available images on the internet. Once you feed a person’s image into it, it pulls out all matching faces from its database. In 2020, the governments of Australia and the UK opened a joint investigation into the company to look into ClearView’s personal data handling practices. This investigation resulted in the ICO issuing an enforcement…
