According to Cointelegraph, U.S. surveillance and facial recognition firm Clearview AI has won a court appeal in the United Kingdom after being accused of alleged infractions related to the U.K’s general data protection regulation (GDPR). Originally, the company was fined nearly $10 million for breaches of the U.K.’s GDPR in May of 2022. The recent victory will see that fine rescinded unless the U.K.’s Information Commissioner’s Office (ICO) further appeals the ruling.

Per a U.K. court tribunal led by Tribunal Judge Lynn Griffin, whether Clearview AI ran afoul of GDPR is immaterial due to the jurisdictional limits on applying GDPR to foreign companies. According to court documents released Oct. 17, the U.K’s ICO doesn’t have the jurisdiction to offer GDPR protection to its citizenry in this case. In essence, it appears as though the appeal’s approval sets a legal precedent wherein the U.K. court system’s stance on enforcing GDPR has been relegated to only those companies firmly within the U.K.’s purview.

In contrast, Clearview AI has been sued and fined multiple times in Europe via the E.U. 's GDPR with fines being levied in France, Italy, and Greece. In Sweden, the local police authority was fined more than $300K for its illegal use of Clearview AI products in 2021. However, regarding these and other judgments, Clearview AI has managed to avoid following the court’s orders in at least some instances. Despite, for example, being fined $20 million for GDPR breaches in France in October of 2022, the company refused payment and was found in breach of that order as of May of 2023.

Currently, Clearview AI holds what appears to be a unique position within the U.S. tech ecosystem. Despite continuing allegations that its software and services violate civil rights and privacy protections afforded all U.S. citizens, the company’s close ties with law enforcement have, according to some experts, afforded it a level of protection inconsistent with U.S. laws against unwarranted surveillance and the Fourth Amendment to the U.S. Constitution. As such, it is nearly impossible for most people to have their data removed from the company’s datasets and systems. Individuals outside of certain U.S. states have, so far, no explicit recourse to have their images, likeness, and other data removed from the company’s dataset.