This is an interesting storyline to watch unfold. It is not in itself unusual for the ICO to protect UK data subjects and impose fines for breaches of regulations. This enforcement activity, however, and whatever fine may be imposed, will be against a company not actually operating and/or based in the UK.
Clearview has already been fined in its native Australia, but is appealing the findings there. It will be interesting to see (1) whether the ICO will set a precedent to fine companies who use UK data subjects data from afar so to speak and (2) whether the ICO may diverge from any final position taken in Australia. Any divergence between the regulators’ approaches, is likely to give rise to risk-taking businesses adopting a process of regulatory arbitrage between different jurisdictions, and risks a “race to the bottom” as operators locate themselves in areas which are perceived to have more benign regulatory regimes.
Such a development will only serve to exacerbate the recent trend of mistrust when it comes to facial recognition tools. More work to raise awareness of the way in which facial recognition tools operate will be needed to balance the public's legitimate concerns against the benefits that can be achieved by using facial recognition technology responsibly.
Facial recognition firm faces possible £17m privacy fine