[swyx]

> "Clearview AI does not have a place of business in the Netherlands or the EU, it does not have any customers in the Netherlands or the EU, and does not undertake any activities that would otherwise mean it is subject to the GDPR," he said.

what limits do we place on countries randomly being able to make supranational claims like this? do you want every online business checking the passport of their customer? because sure this case is fine but its a pretty dangerous precedent to accept without limits. for all its good intentions, GDPR has also resulted in cookie banner spam on the rest of us.

as with all government power - u may be fine when its used against things you dont like, but try to imagine when its used to against things you do...

[piva00]

> do you want every online business checking the passport of their customer?

Is the business selling to a EU citizen? If so they have to deal with the rights that citizen has.

If a company in some fictitious jurisdiction where fraud is not a crime defrauds an American citizen, should they not face American justice for it? It might be they don't have legal representation in the USA but that shouldn't stop an American citizen on bringing the issue to authorities to deal with.

It's not random, if you make business with someone in the EU or deal with the information of someone in the EU then you need to follow EU's regulations. Can't do that? Don't deal with EU's citizens data or business, it's pretty simple.

I really don't think this is a hard concept to grasp.

[brainwad]

If you run a company in a foreign country, then the laws of that country apply of course. Why should it be different just because they have scraped internet data containing images of Euroepeans? If that's legal in the home country of the business (as it would in, say, America) then its none of the EU's business.

Imagine the reverse, if China was fining European companies for not censoring CCP-offensive terms on the internet. Or America was fining them for dealing with US-blocklisted entities like Iran.

[piva00]

> If that's legal in the home country of the business (as it would in, say, America) then its none of the EU's business.

The data pertain to EU's citizens, that is covered under the GDPR, if your business deal with private data from EU's citizens you are under the GDPR even if you don't operate in the EU (such as the case of Clearview). Of course, without an office/representation in the EU it's impossible for the EU to collect the fines and apply other punishments, still the business will be judged under the terms of the GDPR in the EU.

It's the business of the EU since the data is from EU's citizens. Like I mentioned before, if a business was defrauding people (i.e.: identity theft) in the USA while operating outside of the USA, the American justice system has all the prerogative to defend its citizens rights even if it wasn't possible to stop the operation, collect fines, etc. There would be an investigation, there would be a prosecution and eventual punishment. Depending on how egregious the rights violating behaviour was it could escalate into the international sphere.

It's the same case here, Clearview AI is processing private data from EU's citizens even if outside of the EU it is against EU laws.

> Or America was fining them for dealing with US-blocklisted entities like Iran.

The USA does punish companies outside of the USA for dealing with US-blocklisted entities, how the hell do you think sanctions work? Why do you think most of the world avoid dealing with Iran, North Korea, etc.?

Clearview has been targeted before by other DPAs in the EU [0][1][2][3][4].

[0] https://www.edpb.europa.eu/news/national-news/2022/french-sa...

[1] https://www.edpb.europa.eu/news/national-news/2022/facial-re...

[2] https://noyb.eu/sites/default/files/2021-01/545_2020_Anh%C3%...

[3] https://www.imy.se/globalassets/dokument/beslut/beslut-tills...

[4] https://www.edpb.europa.eu/news/national-news/2023/decision-...

[amy-petrik-214]

I think there is merit to both side of the argument here.

On the one hand, yes, each nation can stick to their lane. Who is to say their rules and culture and regulations are "correct". Undefined. That another nation may well believe themselves to be the correct one. Under that principle it's wrong to go nosing about other nations. The example of CCCChinaCCCP's arm reaching out censorship wise was made here.

On the flipside, the defending of one's nation's citizens against foreign obnoxiousness is well reasonable. For example, if USA did a better job defending against scammers from India, I think we'd all be happier for it. Now, is India right/correct in believing spam calling is a god given human right to be embedded into their own bill of rights? I don't know, but what I do know is US citizens would be happier if US defended there interests here, as the EU is doing for his citizens.

[hcfman]

So does that mean it’s intelligence services never get a face match done ?

How would you know if they have no customers here, do you think their intelligence services would tell you ? In the past the head of Dutch intelligence lied to the government about mass surveillance. Even if it was true, guaranteed they would simple send their photos to American counterparts to run.

This is just democracy theatre in reality.

[mikae1]

> what limits do we place on countries randomly being able to make supranational claims like this?

Randomly? EU or other nations act because their citizens have their rights violated. I assume Clearview has collected Dutch faces en masse and thereby violated laws.

Obey by GDPR or don't deal with the data of EU citizens.