"A company which enables its clients to search a database of billions of images scraped from the internet for matches to a particular face has won an appeal against the UK’s privacy watchdog.

Last year, Clearview AI was fined more than £7.5m by the Information Commissioner’s Office (ICO) for unlawfully storing facial images.

Privacy International (who helped bring the original case I believe) responded to this on Mastodon:

"The first 33 pages of the judgment explain with great detail and clarity why Clearview falls squarely within the bounds of GDPR. Clearview’s activities are entirely “related to the monitoring of behaviour” of UK data subjects.

In essence, what Clearview does is large-scale processing of a highly intrusive nature. That, the Tribunal agreed.

BUT in the last 2 pages the Tribunal tells us that because Clearview only sells to foreign governments, it doesn’t fall under UK GDPR jurisdiction.

So Clearview would have been subject to GDPR if it sold its services to UK police or government authorities or commercial entities, but because it doesn’t, it can do whatever the hell it wants with UK people’s data - this is at best puzzling, at worst nonsensical."

  • tillimarleen@feddit.de
    link
    fedilink
    arrow-up
    15
    ·
    1 year ago

    so if I go to Britain, rob a home, take the loot out of the country and sell it there, it‘s all good?

    • Skull giver@popplesburger.hilciferous.nl
      link
      fedilink
      arrow-up
      7
      arrow-down
      1
      ·
      1 year ago

      No, what this says is that Britain can’t fine you for breaking into a home in the United States, even if that home belongs to a British citizen. Things that are illegal in one country, but don’t take place in that country, can’t be prosecuted. Imagine if the British government could send you a fine for buying legal weed.

      This company doesn’t do business in the UK (which would be illegal). The court basically says the UK has no business fining ClearView if they can’t prove that ClearView is under their jurisdiction.

      • mozzribo@leminal.space
        link
        fedilink
        arrow-up
        2
        ·
        1 year ago

        But as long as the data acquisition as a process and storage happens on UK territory, isn’t it still illegal? Isn’t it like saying I’m robbing a bank but since I wired the funds into a Swiss safe, I’m good?

    • ThenThreeMore@startrek.website
      link
      fedilink
      English
      arrow-up
      3
      ·
      1 year ago

      Only if you’re doing so in an official governmental capacity for your country.

      The article is basically that they won the appeal because they only provide services to governments and law enforcement (having previously withdrawn their services to businesses because they lost a lawsuit in the USA)