[2025] UKUT 319 (AAC)

Ground 2 raises the issue whether the FTT erred in law in finding that Clearview itself was excluded from the material scope of the GDPR under Article 2(2)(a). For the avoidance of doubt, this is a free-standing ground of appeal that arises even if we are wrong to hold, as we have done immediately above, that there was insufficient evidence before the FTT to support a conclusion that the processing undertaken by Clearview’s private sector clients falls outside the scope of regulation.

As we indicated earlier, the ICO argued four sub-grounds:

Mr Pitt-Payne argued Ground 2 in broad terms as the FTT concluding, without proper explanation, that Clearview’s own processing fell outside the material scope of the GDPR. Mr Pitt-Payne argued that even if the FTT was correct to conclude that Clearview’s clients fell outside the material scope of the GDPR, it did not follow from this that Clearview’s own processing also fell outside its material scope. At the heart of Ground 2 was the proposition that Clearview is not a foreign state, it is a private company, and nothing in the processing that Clearview itself carried out made it suitable only for being used in conjunction with state functions.

We have already decided, consistent with the arguments Privacy International put forward, that the words “outside the scope of Union law” in Article 2(2)(a) GDPR, relate to the division of responsibilities between the Union and its Member States: see [190] to [194] above. It follows from this interpretation that the FTT erred in law when it found that Clearview’s own processing fell within the exception to material scope set out in Article 2(2)(a).

As with Ground 1, we have considered whether the FTT reached the right conclusion for the wrong reasons. For the reasons set out in [217] to [219] above we are satisfied that there was no basis in law for concluding that Clearview’s own processing was beyond the material scope of the GDPR.

Accordingly, even if our construction of Article 2(2)(a) is wrong, and the ICO’s construction that the wording applies to all matters that are without the competence of the Union, is to be preferred, this makes no practical difference because the same consideration of comity principles comes into play, whether in interpreting the words of Article 2(2)(a) or by independent operation of international law principles.

For completeness, we turn to Mr Pitt-Payne’s four specific sub-grounds advanced under this Ground. We consider sub-grounds 1 and 2 overlap to a sufficient extent that it is appropriate to deal with both together. Both sub-grounds are about the adequacy of the FTT’s reasoning to support its conclusion that Clearview’s processing fell outside the material scope of the GDPR.

Mr Pitt-Payne argued that the FTT effectively assimilated processing by Clearview with processing by its clients and [154] of the FTT’s decision effectively jumped without explanation from reasoning that Clearview’s clients were outside the material scope of the GDPR, to concluding that Clearview’s own processing was outside scope.

Ms Proops argued that the reasoning at [154] was concise but adequate, given that the FTT had made core findings about Clearview’s clients and their functions. She argued that [154] amounted to a conclusion that Clearview’s processing sufficiently intersected with its clients’ state activities that it could be regarded as falling outside the scope of Union law. Ms Proops argued that the FTT’s reasoning in [154] relied on cumulative reasoning, including at [146] and [147] of the decision. She argued that this had to be the case because no one had argued that Clearview was itself performing state functions or stood in its clients’ shoes (and it would have been misconceived to do so).

As explained at [218] above, Ms Proops confirmed that Clearview did not put forward its case below on the basis that its own processing was outside material scope as a result of Article 2(2)(a). Ms Proops explained that Clearview’s case had been that its Service was used exclusively in furtherance of the discharge of foreign state functions but focused on the territorial lens of Article 3(2)(b) rather than the material scope lens of Article 2(2)(a).

We agree with Mr Pitt-Payne’s arguments. We have already described the paucity of the FTT’s reasoning on material scope at [141], and [144] to [147] above. [154] of the FTT’s decision appears to recite the statutory position rather than explain a conclusion. As we noted earlier, the FTT started its reasoning at [154] with “We have concluded for all these reasons…”. This suggests that there was earlier reasoning in the FTT’s decision that went to this specific issue. We have, however, been unable to identify any clear reasoning by the FTT about what followed from the factual findings it made about Clearview’s own processing activities that allowed it to reach that conclusion. While [155] of the FTT’s decision appears to provide additional reasoning for the conclusion at [154], once again, the substance of that paragraph is addressed to what the FTT had decided about Clearview’s clients, not Clearview itself.

Even if the FTT decided the appeal on the basis of an analysis that was not put forward by any of the parties, the reasoning the FTT provided did not address Clearview’s own activities or explain how it concluded that they fell outside the material scope of the GDPRs.

We conclude that the FTT’s reasoning focused substantially on the position of Clearview’s clients, without addressing adequately why Clearview’s own processing was found to fall outside scope.

Sub-ground 3 of Ground 2 is that the FTT reached a conclusion about the test for material scope that required reading into the provision additional wording to the effect that the processing by Clearview’s clients must fall within the material scope of the GDPR before it can be concluded that Clearview’s own processing can fall within it. We address this point in the context of Clearview’s Additional Reason 2 in [331] to [344] below.

Sub-ground 4 of Ground 2 is that the FTT’s analysis would create an anomaly or lacuna in the data protection framework. In summary, Mr Pitt-Payne’s argument was that the FTT’s construction of Article 2(2)(a) would, if applied to Article 2(2)(d) of the GDPR, result in an absurd outcome. If Clearview provided its services to a UK law enforcement body, that body would be outside the material scope of the GDPR under Article 2(2)(d). However, that body’s processing of personal data would be regulated under the Law Enforcement Directive (see [60] to [61] above). Clearview would not, however, fall within the definition of a competent authority and therefore its processing would not be regulated at all.

In light of the clear conclusion we have already reached on the broader issue of what Article 2(2)(a) means, we do not consider it necessary to reach a particular conclusion about this alleged absurdity.

We have therefore decided that the FTT made material errors of law in: