Clearview AI Escapes UK Privacy Sanction on Jurisdiction Grounds

Clearview AI avoids UK penalties as tribunal rules regulator lacked jurisdiction over foreign company providing services to non-UK clients.

Clearview AI, a US-based company, has escaped a £7.5 million ($9 million) penalty issued by the Information Commissioner's Office (ICO), the UK's data regulator, after a UK tribunal ruled that the ICO did not have jurisdiction over Clearview's activities.
Though the UK tribunal accepted that Clearview's database likely contained images of UK residents, it ruled that Clearview's data processing for foreign law enforcement agencies was outside of the ICO's jurisdiction, thereby invalidating the penalty.
Key to Clearview's defense was that its services are intended exclusively for foreign (non-UK/EU) criminal law enforcement and national security agencies and thus outside the material scope of UK regulations, specifically Article 2(2)(a) of the UK GDPR.
The tribunal's ruling does not make a judgment on whether Clearview AI had breached UK or EU data protection regulations. Instead, the decision focuses on the jurisdictional challenge to the ICO's enforcement notices.
Despite the tribunal's judgment, the ICO maintains its ability to act against internationally based companies that process the data of individuals within the UK. However, this judgment presents a specific exemption related to foreign law enforcement.