Clearview AI Inc. – Court Ruling (United Kingdom, 2023)

Clearview AI Inc. – the controller – is an American company the scraps the internet and collects pictures of millions of people in order to offer access to an extensive database for facial recognition. Since 2020, Clearview’s only clients are law enforcement agencies in third countries, which use the services provided by the company to investigate and prevent crime. The controller has no establishment in the EU, nor in the UK. The controller was found in violation of several GDPR provisions and fined £7.5 million by the British DPA. The controller appealed the decision arguing that the processing fell outside the scope of the (UK) GDPR, as Clearview did not monitor the behaviour of people in the EU within the meaning of Article 3(2)(b) (UK) GDPR. Also, the controller claimed that the material scope of (UK) GDPR was not satisfied, as Article 2(2)(a) GDPR (Article 3(2A) UK GDPR) explicitly excludes processing in the context from the scope of EU law. As a matter of fact – the controller argued – its clients used the service for law enforcement purposes, that are not covered by the GDPR. In light of the above, the British DPA did not have jurisdiction in the case at issue. At the outset, the First-tier Tribunal examined the applicability of the (UK) GDPR in light of its territorial scope. The court noted that, for Article 3(2)(b) (UK) GDPR to apply, the processing activities shall be ‘related to’ the monitoring of the behaviour of people in the UK. According to the court – referring to the EDPB guidelines on Article 3 GDPR – monitoring requires ‘an element of targeting and intentionality’ and the existence of a specific purpose for collection and reuse of the data. ‘Behaviour’ – the court also clarifies – necessarily implies some kind of action by the data subject. In the present case, the controller did not directly monitor data subjects in the UK. However, its services were offered in the context of (‘related to’) the monitoring undertaken by law enforcement agenc