One of the most controversial tech companies in the U.S., the facial recognition outfit Clearview A.I. Inc., has just beaten a case in the U.K. and avoided a £7.5 million ($9.1 million) fine.

Clearview A.I. has been in business since 2017, founded by Australian entrepreneur Hoan Ton-That and U.S. politician Richard Schwartz. The company managed to keep under the radar for a couple of years, until 2019, when it was discovered that it had been scraping images from the internet without the consent of the public and the companies whose websites were used.

Facial recognition technology has always faced challenges in the U.S., seeing that much of the public and certainly privacy advocates view it as a kind of Orwellian-Big Brother reality. It has been said it puts the public in a “perpetual line-up.” Such pushback is the reason why large tech companies have curtailed development of such products.

Clearview A.I. seemingly didn’t get that memo. It currently has a database of more than 30 billion scraped images, using them for more than a million searches a month for U.S. law enforcement. In 2020, the company had no choice but to stop selling its facial recognition technology to most private firms, but police departments throughout the U.S. are still working with the company.

In 2022, the U.K.’s Information Commissioner’s Office, or ICO, said Clearview’s scraping images of British citizens was a breach of the country’s data protection laws and hit the company with the fine. At the same time, Australia, Canada, France, Greece and Italy demanded that Clearview stop scraping data of their citizens. France, Italy and Greece have each issued fines of $21 million, which could have put an end to a firm of Clearview’s size.

Although it does not have clients in any of those nations, including in the U.K., its customers in the U.S. have made use of their data. This week, a British appeals court ruled that the ICO does “not have jurisdiction” over how foreign law enforcement or national security bodies use British citizens’ data. It’s believed this may not bode well for the other countries currently taking action against the company.

“U.K. data protection law (U.K. GDPR) provides that acts of foreign governments fall outside its scope; it is not for one government to seek to bind or control the activities of another sovereign state,” a lawyer explained to the BBC.

In a statement, the ICO said, “It is important to note that this judgment does not remove the ICO’s ability to act against companies based internationally who process data of people in the U.K., particularly businesses scraping data of people in the U.K., and instead covers a specific exemption around foreign law enforcement.”

Photo: Nick Loggie/Unsplash