Information Commissioner’s Office fines facial recognition company Clearview AI more 7,552,800 pounds and orders data be deleted

May 24, 2022

The UK Information Commissioner has imposed a significant fine of £7,552,800 on Clearview AI for illegally collecting personal data of UK residents. The facial images of UK residents were scraped from the internet and fed into Clearview’s database where, with the aide of artificial intelligence, it could use that data to identify those people and monitor them.

Clearview AI continues to maintain that it has done nothing wrong, saying that its technology and intentions have been “misinterpreted.” and claimed that Clearview AI is not subject to the ICO’s jurisdiction.

Clearview has already been the subject of act ion by other regulators. In March 2022 the Italian data protection agency fined Clearview €20 million penalty for breaches of EU law.  In December last year France’s data watchdog, CNIL,found that Clearview had committed two breaches of the the GDPR.    Similarly in February 2021 Canadian privacy commissioners stated that Clearview violated Canadian Privacy laws .  In the United States Cook County, effectively Chicago, and Clearview entered into agreement in settlement of a suit whereby Clearview has agreed to stop providing its technology to most private clients and doing business in Illinois

The use of facial recognition technology by police, is belatedly being scrutinised Read the rest of this entry »

Linklaters LLP Linklaters Business Services Intended Claimants v Frank Mellish [2019] EWHC 177 (QB): breach of confidence, injunctions

March 4, 2019

Mr Justice Warby in Linklaters LLP Linklaters Business Services Intended Claimants v Frank Mellish [2019] EWHC 177 (QB) considered an application for injunctive relief regarding a breach of confidence action.  The information was sensitive but not commercially sensitive in the strict sense of the word. The decision does demonstrate the relative flexibility of the principles applied to more unusual fact situations.


The claimants are:

  • the multi-national law firm Linklaters; and
  • the company through which Linklaters employed its UK-based employees (“LBS”).

Read the rest of this entry »

Pippa Middleton & anor v Person Unknown or Persons Unknown [2016] EWHC 2354 (QB); injunction, misuse of private information, breach of copyright, Human Rights Act sections 8, 10 and 12

September 29, 2016

Yesterday in Pippa Middleton & anor v Person Unknown or Persons Unknown [2016] EWHC 2354 (QB)  Mrs Justice Whippie continued an injunction made on 24 September 2016 prohibiting the publication of photographs hacked from Pippa Middleton’s iCloud account.  The media reports that Read the rest of this entry »

Department of Justice, Northern Ireland receives a 185,000 pound monetary penalty notice from the Information Commissioner for disclosing sensitive information

February 13, 2014

Anyone who has been part of a big organisation when it moves to new premises knows how complex and difficult it can be.  Not only does each worker’s files have to be secured and furniture and computer equipment marked but the organisations myriad other stores of documents, records not to mention the more prosaic items from the tea room and the bosses drinks cabinet have to be marked, packed, moved and unpacked in vaguely the right place in the new premises.  Things can go awry when the planning is defective and the execution is sloppy.  As the Compensation Agency Northern Ireland (“CANI”), an administrative unit of the Department of Justice, discovered when it lost control of a mass of sensitive files left in a filing cabinet which it had sold at auction.  Net effect was a £185,000 monetary penalty notice issued by the Information Commissioner’s Office on 14 January 2014 (found here).


CANI moved offices from Royston House in February 2012.  It decided to sell  any marketable furniture surplus to requirements at auction [4]. A locked four drawer filing cabinet was then taken out of storage in Royston House, without  its contents being checked,  sent to a shared storage room used by CANI to temporarily store all kinds of office furniture prior to its disposal. It was provided to a local auctioneer for a valuation, again without checking its contents. Apparently the key to the filing cabinet had been mislaid [5]. On 12 March 2012 it was  transported to the local auction and sold to a buyer.  The buyer then forced the lock and discovered that it contained official looking papers dating from the mid 1970’s to 2005.  The Police were called who took possession of the papers and returned them to CANI [6].

The official papers contained

  • a limited amount of confidential, ministerial advice; and

UK Ministry of Justice fined following a serious data breach

October 22, 2013

The UK Information Commissioner has served the Ministry of Justice with a £140,000 monetary penalty after a data breach involving it sending details of all prisoners serving at a Cardiff prison to three of the inmate’s families.

The ICO press release (found here) provides:

MoJ fined £140k following serious data breach

The Information Commissioner’s Office (ICO) has served the Ministry of Justice (MoJ) with a monetary penalty of £140,000 after a serious data breach Read the rest of this entry »

UK Ministry of Justice releases statistics on privacy injunctions January to June 2013

September 20, 2013

As the ALRC (further) inquiry proceeds on at a relatively relaxed pace on whether there should or should not be a statutory right to privacy and if so what form it should take the UK jurisprudence has developed to the point where there are established principles governing the grant of injunction on privacy related matters.  The grant of super injunctions caused considerable controversy and disquiet in the media.  More importantly there was concern about their efficacy and enforcement. The process has been amended signficiantly and the Court has been more restrained in its use.  The use of privacy injunctions are now  more effective and less controversial.

Notable featurs of the report are that there were

Bank of Scotland receives £75,000 penalty after customers’ accounts details repeatedly faxed to wrong recipients

August 9, 2013

The Information Commissioner’s Office has served the Bank of Scotland with a monetary penalty for wrongly and repeatedly faxing personal information, to unintended recipients.

The penalty notice relevantly provides (found here):

Bank of Scotland pic is the data controller, as defined in section 1(1) of the Data Protection Act 1998 (the “Act”), in respect of the processing of personal data carried on by Bank of Scotland pie and is referred to in this notice as the “data controller”. Section 4(4) of the Act provides that, subject to section 27(1) of the Act, it is the duty of a data controller  to comply with the data protection principles in relation to all personal data in respect of which it is the data controller.

 The Act came into force on 1 March 2000 and repealed the Data Protection Act 1984 (the “1984 Act”). By virtue of section 6(1) of the  Act, the office of the Data Protection Registrar originally established by section 3(1) (a) of the 1984 Act became known as the Data Protection Commissioner.  From 30 January 2001, by virtue of section 18(1) of the Freedom of Information Act 2000  the Data Protection Commissioner became known instead as the Information Commissioner (the “Commissioner”).

 Under sections 55A and 55B Read the rest of this entry »

ICO fines Nursing and Midwifery Council

February 22, 2013

On 12 February the ICO  issued the Nursery and Midwifery Council a £150,000 fine for breaching the data Protection Act.

The council lost three DVDs related to a nurse’s misconduct hearing, which contained confidential personal information and evidence from two vulnerable children. The  ICO  found the information was not encrypted.

According to the ICO press release David Smith, Deputy Commissioner and Director of Data Protection, said:

“It would be nice to think that data breaches of this type are rare, but we’re seeing incidents of personal data being mishandled again and again.
While many organisations are aware of the need to keep sensitive paper records secure, they forget Read the rest of this entry »

ROCKNROLL v NEWS GROUP NEWSPAPERS LTD [2013] EWHC 24: misuse of private information, privacy, restraining publication of photographs

January 19, 2013

On 17 January 2013 Mr Justice Briggs, sitting in the High Court Chancery Division, published his reasons in  RocknRoll v News Group Newspapers Ltd granting an interim injunction restraining News Group Newspaper from publishing photographs of Edward RocknRoll (the “claimant”).  See my post on the reportage here.


In July 2010 the claimant attended a private fancy dress party to celebrate the 21st birthday of his then wife’s sister at her parent’s private estate [1].  Another guest at the party took photographs of the claimant (“the Photographs”), some of which showed him partly naked. The Photographs were posted on the photographer’s Facebook page where they could be viewed by his 1,500 “friends”, until subsequent changes to the Facebook settings resulted in them being made accessible to the general public (unbeknownst to the photographer).  Since the Photographs were taken the claimant divorced his first wife and married Kate Winslet, an actress [2].  The Photographs came to the attention of the defendant at the beginning of January 2013 [3] and it:

“..wishes to publish the Photographs, together with a description of their contents, in the Sun newspaper, and notified the claimant of its intention to do so, albeit not the source of the Photographs… it intended to pixillate the part of any published photographs which showed the lower half of the Claimant’s body.”


At [5] his Honour set out the general principles applicable in considering an application for injunctive relief against misuse of private information in the Read the rest of this entry »

Verified by MonsterInsights