![[2025] UKUT 319 (AAC)](https://backend.juristeca.com/files/emisores/logo_3a2BKne.png){kind=logo}
Would regulation of Clearview’s data processing breach comity principles?
Would regulation of Clearview’s data processing breach comity principles?
As discussed in [62] to [71] above, the law provides for immunity applying not only to states but also to “separate entities”, which may be private companies.
However, we have been directed to no specific authority for the proposition that any species of comity principle extends more generally to provide immunity to a private company providing a service to a state body, even in the course of “quintessentially state activities” such as national security or criminal law enforcement, where those services are provided independently on a commercial basis, and not as a servant or agent of the state, or otherwise in exercise of sovereign authority. While Ms Proops placed some emphasis upon the Court of Appeal’s decision in Koo, in that decision, state immunity was found to apply on the basis of an agency relationship between the bullion bank and the central bank, as we explained earlier. The case affords no support for the proposition that state immunity may apply to a private company that is neither the servant, nor the agent, of the body with sovereign authority. Insofar as Ms Proops also drew attention to Lord Sumption’s reference in Belhaj to this being a “subject matter immunity”, we have explained the context in which this was said at [65] above.
Ms Proops disavowed any suggestion that Clearview was itself carrying out state activities, that it should be treated as if it were a state body, or that it should be considered to be “standing in the shoes” of its clients. Neither did she claim Clearview to be the servant or agent of its foreign state clients. Indeed, the way Ms Proops put Clearview’s case on whether its processing was “related to” behavioural monitoring by its clients for the purposes of Article 3, placed substantial emphasis on Clearview’s independence from its clients.
Rather, Ms Proops argued Clearview’s case on the basis of her intersectional construction of Article 2(2)(a). She reasoned that this was intended to exclude operators in situations like Clearview’s from the scope of regulation out of an abundance of respect for comity principles, rather than because public international law demands it. As explained above, we reject that intersectional construction.
- Heading
- The decision of the Upper Tribunal is to allow the appeal The decision of the First-tier Tribunal made on 17 October 2023 was materially in error of law. It is SET ASIDE under section 12(2)(a) of the Tribunals, Courts and Enforcement Act 2007 (“TCEA
- REASONS FOR DECISION
- Introduction
- The decision under appeal
- A summary of the relevant factual background
- The FTT’s decision
- The FTT’s findings of fact
- The FTT’s conclusions
- The issues in this appeal
- Appeal ground 1
- Appeal ground 2
- Appeal ground 4
- Additional Reason 1
- The scope of the appeal - admitting the additional reasons arguments for consideration
- Permitting Privacy International to intervene in the appeal
- Permitting Clearview to rely on a written reply to Privacy International’s skeleton argument
- Reliance on the evidence filed by Privacy International
- Reliance on legal arguments not raised before the FTT
- Legal framework
- Relevant legislative provisions
- The GDPR
- The UK GDPR
- “Article 2 This Regulation applies to the automated or structured processing of personal data, including
- 1A. This Regulation also applies to the manual unstructured processing of personal data held by an FOI public authority This Regulation does not apply to
- “Article 3
- The 95 Directive
- The Law Enforcement Directive
- State immunity and foreign act of state
- Material scope: the caselaw
- Territorial scope: the caselaw
- The Travaux in respect of the GDPR
- The EDPB Guidelines
- Data subjects in the Union
- The burden of proof in appeals against ICO Notices
- Analysis
- The parties’ positions on material scope in brief
- What the FTT decided in relation to Article 2(2)(a)
- General approach to construction of the GDPRs
- Domestic authorities on comity, extra-territoriality and utility
- EU authorities on extra-territorial effect and comity
- Certainty and foreseeability
- Proportionality
- EU law authorities on the construction of Article 2(2)(a) of the GDPR
- Relevant comity principles
- Our construction of Article 2(2)(a)
- Analysis of Clearview’s proposed intersectional construction
- Alternative analysis based on the ICO’s construction
- Would regulation of Clearview’s data processing breach comity principles?
- Article 3(2)(b) GDPR: territorial scope
- What was the policy objective behind Article 3(2)(b)?
- The meaning of “related to” in Article 3(2)(b)
- The meaning of “behavioural monitoring” in Article 3(2)(b)
- Ground 1
- Ground 2
- Ground 3
- Ground 4
- Clearview’s Additional Reasons
- Additional Reason 1
- Additional Reason 2
- Additional Reason 3
- Additional Reason 4
- Conclusions