Report from Courthouse News
In Brief – Austrian data privacy advocacy group Nyob (None of Your Business) announced that it filed a criminal complaint with Austrian authorities aiming to have executives of US-based facial recognition firm Clearview AI held personally liable for amassing an allegedly illegal database of billions of photos of faces. Clearview AI, which describes itself as a search engine for faces posted online, developed its facial recognition technology using images gathered from social media websites. The service is now sold almost exclusively to law enforcement and government agencies. After the company burst onto the scene in 2020, privacy regulators in many countries, including several in Europe, fined the firm for violating national privacy and data protection regulations, including the EU’s General Data Protection Regulation. Noyb calls on Austrian prosecutors to hold Clearview AI’s corporate leadership personally liable and even send them to jail.
Context – Until OpenAI made Chat-GPT available, Clearview AI was the most notorious AI start-up. Although a small enterprise, it built facial recognition technology that outperformed giants like IBM, Microsoft, and Google. Under pressure from regulators, the company drastically pared back its business aspirations, agreeing to limit sales to government authorities, primarily in the US. Fights over extraterritorial jurisdiction of national laws regulating digital platforms are certain to grow as regulators attempt to enforce rapidly proliferating online regulations on small, entirely remote digital firms. For example, 4chan has filed suit in US federal court to block enforcement of the UK Online Safety Act on its business, arguing that it has no operations in the country. The UK’s Upper Tribunal recently rejected that argument from Clearview AI and sided with the UK Information Commissioner’s Office that the company was subject to the British GDPR. In the EU, the GDPR is primarily a civil law, but it does allow Member State privacy authorities to impose criminal penalties for certain violations of the regulation. If a US company executive is arrested for violating the law, it will accelerate the extra-territorial jurisdiction controversy.