this post was submitted on 20 Oct 2023
92 points (96.9% liked)

Privacy

31993 readers
556 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Related communities

Chat rooms

much thanks to @gary_host_laptop for the logo design :)

founded 5 years ago
MODERATORS
 

"A company which enables its clients to search a database of billions of images scraped from the internet for matches to a particular face has won an appeal against the UK's privacy watchdog.

Last year, Clearview AI was fined more than £7.5m by the Information Commissioner's Office (ICO) for unlawfully storing facial images.

Privacy International (who helped bring the original case I believe) responded to this on Mastodon:

"The first 33 pages of the judgment explain with great detail and clarity why Clearview falls squarely within the bounds of GDPR. Clearview's activities are entirely "related to the monitoring of behaviour" of UK data subjects.

In essence, what Clearview does is large-scale processing of a highly intrusive nature. That, the Tribunal agreed.

BUT in the last 2 pages the Tribunal tells us that because Clearview only sells to foreign governments, it doesn't fall under UK GDPR jurisdiction.

So Clearview would have been subject to GDPR if it sold its services to UK police or government authorities or commercial entities, but because it doesn't, it can do whatever the hell it wants with UK people's data - this is at best puzzling, at worst nonsensical."

all 20 comments
sorted by: hot top controversial new old
[–] tillimarleen@feddit.de 20 points 1 year ago (3 children)

so if I go to Britain, rob a home, take the loot out of the country and sell it there, it‘s all good?

[–] skullgiver@popplesburger.hilciferous.nl 6 points 1 year ago* (last edited 11 months ago) (1 children)

[This comment has been deleted by an automated system]

[–] mozzribo@leminal.space 2 points 1 year ago

But as long as the data acquisition as a process and storage happens on UK territory, isn't it still illegal? Isn't it like saying I'm robbing a bank but since I wired the funds into a Swiss safe, I'm good?

Only if you're doing so in an official governmental capacity for your country.

The article is basically that they won the appeal because they only provide services to governments and law enforcement (having previously withdrawn their services to businesses because they lost a lawsuit in the USA)

[–] andthenthreemore@startrek.website 7 points 1 year ago (1 children)

So Clearview would have been subject to GDPR if it sold its services to UK police or government authorities or commercial entities, but because it doesn't, it can do whatever the hell it wants with UK people's data - this is at best puzzling, at worst nonsensical.

While on an individual law level it's extremely frustrating the article has a quote which makes perfect sense.

it is not for one government to seek to bind or control the activities of another sovereign state

If that wasn't a concept in law any country could pass any law in and expect it to apply internationally.

[–] Waltzy@feddit.uk 1 points 1 year ago* (last edited 1 year ago) (2 children)

Wouldn't a UK court only concern itself with the activities of a company operating in the UK? If this company does not operate in the UK I'm surprised it's got far enough to need overturning

[–] OhNoMoreLemmy@lemmy.ml 1 points 1 year ago* (last edited 1 year ago)

Because it operates on the data of UK residents.

The internet has made everything really weird in terms of jurisdictions. You can have photos of UK citizens taken in the UK and stored on a UK server, and if a company from somewhere else scrapes the data without permission and moves it out the UK, that doesn't obviously mean that it's now fine to use for whatever.

Now of course the law has to have some jurisdictional limits, but it's not surprising that there has been some disagreement about where they are.

It's because it's the data protection act which is the UK implementation of GDPR.