The fact that Clearview have such a comprehensive database in the first case is rather unnerving. Shouldn't there have been some sort of legislation to stop them? One private company having access to this information is not a good idea.
There's nothing really stopping anyone making such a database considering as I understand they just scraped faces from the public internet. There's no proof they were colluding with anyone.
For example, you could scrape and download every single public tiktok video and use that data as you see fit, if you can access it via a web browser it's fair game these days.
Probably can’t sue for damages if you can’t prove damages, and probably can’t sue for statutory damages if you can’t prove they’ve got your IP (since it’s their database is an opaque box to you and me).
I think the process of recovering damages should be standardized, like it is for music recordings: A fixed, but fairly stiff, penalty per offense. This would encourage bounty hunters to go after offenders, and split the proceeds with the owners. The act of offering to sell or share personal information would be interpreted as "intent," and automatically triple the damages.
That's an interesting position that is at least in dispute [1][2]. My prior based on how companies behave is that they are indeed in violation of the GDPR.
