Clearview AI succeeds in jurisdictional appeal before the First-tier Tribunal

The First-tier Tribunal has given judgment in Clearview AI Inc v The Information Commissioner [2023] UKFTT 00819 (GRC).


The case concerned an enforcement notice and a £7.5 million Penalty Notice issued by the Commissioner to Clearview AI, an American facial recognition company, in May 2022. The Tribunal found that the Commissioner had no jurisdiction to issue either notice, on the basis that the GDPR/UK GDPR did not apply to the processing in issue. Accordingly, the Tribunal overturned both notices.

A more detailed case report will follow on Panopticon. In the meantime, the judgment can be found here.


Anya Proops KC, Christopher Knight and I acted for Clearview AI, instructed by Jenner and Block London LLP.


Timothy Pitt-Payne KC and Jamie Susskind acted for the Information Commissioner, instructed by the Information Commissioner’s Office.


Raphael Hogarth

Online safety – evening briefing on 3 October 2023

As foreshadowed in our post of 20 September 2023, we are pleased to announce an evening briefing session with leading data and internet specialists Anya Proops KC and Jamie Susskind on the Online Safety Act, arguably the most significant new law in a generation.

We have happily managed to secure a larger venue than expected for this event, and so there are still some places available. Please RSVP at if you wish to attend.

Date: Tuesday, 3rd October 2023
Time: 6:30 PM – 7:30 PM
Venue: IET London: Savoy Place, London WC2R 0BL
Delegate Charge: This event is free of charge

11KBW Information Law Conference 2023 *DATE ANNOUNCED*

We are delighted to announce our Information Law Conference will be taking place on 24 April 2023.

11KBW’s market-leading specialists to provide insights and updates across the information law spectrum.

Click here to view the conference programme.

Conference details

Date: 24 April 2023

Registration from: 9.00am

Duration of Conference: 9.30am – 3.30pm

Drinks Reception from: 3.30pm – 5pm

Venue: Royal College of Surgeons, 38-43 Lincoln’s Inn Fields, London, WC2A 3PE

Cost: £199 + VAT per person.

To book a place please email

Bloomberg v ZXC – the Supreme Court decides

The central question for the Supreme Court in Bloomberg v ZXC [2022] UKSC 5 was, as Lords Hamblen and Stephens put it (with Lord Reeds, Lloyd-Jones and Sales agreeing): “whether, in general, a person under criminal investigation has, prior to being charged,  a reasonable expectation  of  privacy  in respect  of  information  relating  to  that  investigation”. The short answer was “yes”.

Continue reading

Anya Proops QC wins Media, Defamation, Privacy and Data Protection Silk of the Year at the Chambers Bar Awards 2021

We are thrilled to announce that Anya Proops QC  was a winner at the Chambers Bar Awards held on the 18th of November.  The awards are based on Chambers’ research for the 2022 edition of Chambers Bar and reflect notable achievements over the past 12 months including outstanding work, impressive strategic growth and excellence in client service. We would particularly like to thank all of our clients for their continued loyalty and support and we are delighted to share these awards with you.

Government reveals plans for post-Brexit data regime

In the last few days, the UK government has begun a public consultation on its plan to reform data protection legislation in the wake of Brexit entitled Data: A new direction. It says the aim is to create a more “pro-growth and pro-innovation” regime to achieve what the (now former) DCMS Secretary Oliver Dowden dubbed a “data dividend” for the British economy.

As regular Panopticon readers will know, the UK’s data protection regime has principally been driven by the EU framework – most recently in the form of the GDPR. Following the end of the Brexit transition period from January 2021, the GDPR (which during the UK’s membership of the EU had direct effect) was transposed into domestic law with minor changes. This means there is now the ‘EU GDPR’, in force across the 27 Member States, and the ‘UK GDPR’ which is applicable in the UK.

Even before the UK GDPR came into force in January 2021, however, the government had stated its intention to diverge from EU data protection law as part of its National Data Strategy, at least to some extent. These proposals are the first concrete step in that direction. Continue reading