Expert IP, Digital Media & Commercial Contracts Solicitor
Authorised international solicitors in IP, media & commerce. Experts in contracts, licensing, reputation & disputes.

Digital Media & IP Law Insights — Plus Practical Commercial Legal Guidance

Exploring internet, media and IP law — along with smart commercial, employment, and contract advice for growing businesses.

When I think of Frank Sinatra's "My Way," I see a connection to the main ideas behind intellectual property law. "My Way" embodies personal expression and an individual's journey through life, which parallels the concept of the ideas-expressions dichotomy in copyright law. It echoes the principle that music, literature, or art—can be copyrighted while allowing others to explore the same ideas without infringing upon that particular expression. Sinatra's anthem also celebrates uniqueness, which is reflected in the definitions of all of the varying types of intellectual property.

The Purpose of This Blog

The articles on this blog are all written or reviewed and edited by me Mr Peter Adediran, the Digital Media and Intellectual Property Solicitor at PAIL Solicitors. They are intended to empower the new generation of business executives, professionals, business owners and creatives who want to keep up with intellectual property, digital media and entertainment law in the digital age. Most importantly, empower the community of creatives who want to create works "their way". In today's rapidly evolving digital landscape, staying informed and increasing knowledge in specialised legal services is crucial for e-commerce and digital technology businesses. At PAIL® Solicitors, we understand the unique challenges start-ups, business owners, professionals, business executives, creatives, writers and talent face in protecting their intellectual property and navigating legal complexities. By reading this blog and engaging us as your legal representatives you can safeguard yours and your company's reputations, make informed financial decisions, and confidently expand into new markets by focusing on continuous learning and expertise in these areas.

This blog contains articles on the following themes:

  • Advice on Protecting Digital Content

Encouragement to Stay Informed and Protected

For creatives and businesses alike, staying informed about legal issues related to intellectual property is crucial. Knowledge is a powerful tool for safeguarding one’s work from infringement or misuse. We encourage individuals to engage with our resources, participate in discussions, and stay informed about developments in IP law.

Narrow Your Focus

Discover Insights :

The Disruption of AI: Navigating the Future of Data Ethics

Understand the Ethics of AI

The Disruption of AI: Scraping Data and Its Consequences

By Peter Adediran — International IP & Digital Media Lawyer | Founder, PAIL® Solicitors

Introduction

Artificial intelligence (AI) is no longer a theoretical disruptor; it is embedded in the machinery of modern life. Search relevance, recommendation engines, biometrics, law-enforcement tools, brand-protection workflows—many rely on training data sourced at internet scale. That reality has revived a deceptively simple question with complex legal consequences: if content is publicly accessible online, can it be scraped, repurposed, and used to train AI without consent or licence?

The Clearview AI story brought this tension into global focus. By collecting billions of facial images from the open web and indexing them for recognition, Clearview catalysed landmark scrutiny from regulators and courts across multiple jurisdictions. This article uses Clearview as a prism to examine the legal, cultural, and philosophical questions raised by AI data-scraping—and sets out a pragmatic, forward-looking strategy for organisations that want to innovate responsibly. Our thesis is simple: AI’s disruption is profound, but it need not be existential if governance, ethics, and law are integrated early.

Privacy, biometrics and lawful basis

Under the EU General Data Protection Regulation (GDPR), personal data is defined broadly and includes any information relating to an identifiable person. Even when the material is accessible on the open internet, controllers must have a lawful basis for processing under Article 6 GDPR and, for special categories such as biometric data, a condition under Article 9 GDPR (typically explicit consent or a narrow statutory gateway).

Facial images used for recognition purposes typically constitute biometric data. In practice, that means an organisation assembling image datasets for face-matching must either obtain explicit consent, fit a statutory exemption, or desist. “Public” does not mean “free for any purpose.”

The Clearview litigation has become a leading authority on how regulators view mass scraping of facial images:

Canada (Alberta): In Clearview AI Inc v Alberta (Information and Privacy Commissioner), 2023 ABKB 150, the Court upheld an order against Clearview under Alberta’s Personal Information Protection Act (PIPA), confirming that “publicly available” does not erase consent obligations and that the act can apply extraterritorially where there is a “real and substantial connection.” Summary commentary: McMillan LLP

Netherlands / EU: The Dutch Data Protection Authority (DPA) imposed a €30.5m fine on Clearview for unlawfully processing biometric data of EU residents. The decision underscores the GDPR’s reach over non-EU firms where EU data subjects are affected and stresses that scraping for face recognition lacks a lawful basis. Library of Congress (Global Legal Monitor)

In Europe, Recital 26 GDPR clarifies that the mere fact data is accessible online does not neutralise privacy rights; controllers must still respect principles of lawfulness, fairness, transparency, purpose limitation and data minimisation. Guidance from European authorities has repeatedly warned that platform visibility does not equate to consent to scraping for unrelated purposes.

The UK has also probed the extraterritorial application of UK GDPR to Clearview. See, for background filings, Privacy International’s skeleton argument in the ICO v Clearview matter (UK jurisdiction, territorial scope and enforcement).

The direction of travel is consistent: accessibility is not a free-for-all. Consent cannot be implied from the fact that a person once shared a photo; using images for biometric indexing is a different purpose with different risks.

Intellectual property, database rights and AI training

Beyond privacy, AI data-scraping engages copyright and sui generis database rights:

  • EU Database Directive (96/9/EC) grants database makers rights where there has been substantial investment in obtaining, verifying or presenting contents. Large-scale extraction for training can infringe those rights unless a licence or exception applies.
  • Copyright remains a live issue where scraped works are protected (images, text, audiovisual). While Authors Guild v Google, 804 F.3d 202 (2d Cir. 2015) found that search indexing and snippet display qualified as fair use in the US, training generative or recognition models on entire corpora raises qualitatively different questions about substitution, market harm and transformative purpose.

Authors Guild v Google, 804 F.3d 202 (2d Cir. 2015) — (case summaries widely available; for context see U.S. fair-use commentary via law reviews).

UK Text and Data Mining (TDM) Exception: The UK has signalled caution about expanding TDM exceptions for commercial AI training without robust safeguards. Rights clearance and licensing remain the conservative, risk-managed path, especially where training data contains copyrighted or database-protected content.

For counsel and product teams, the message is practical: inventory what you are training on, where it came from, and what rights you hold.

Cultural & Philosophical Impacts

Identity, surveillance and social trust

At cultural scale, AI scraping creates a new asymmetry of visibility. Individuals live part of their lives on the open web; algorithms harvest those traces to profile, predict and identify. The Dutch DPA, in sanctioning Clearview, underscored that the resulting biometric map risks constituting a surveillance infrastructure incompatible with fundamental rights. (See GDPR Hub summaries of EU decisions on Clearview for accessible overviews.)

The deeper concern is trust. If any public post might be captured into a recognition system or behavioural model, users will rationally self-censor, chilling participation. In democratic societies, that matters.

Consent has long been the moral backbone of data protection. Yet the scale and opacity of AI pipelines strain the concept: can users give meaningful, informed consent to uses they cannot see and purposes that did not exist when content was posted? Platforms have attempted to solve this with ever-longer terms; the law increasingly rejects boilerplate as a proxy for genuine choice.

As Shoshana Zuboff argues in The Age of Surveillance Capitalism (2019), the conversion of human experience into behavioural data commodifies autonomy itself. AI scraping makes that critique practical: the public/private boundary is no longer geographical or architectural; it is contextual. A photo posted to celebrate a milestone is not consent to enter a perpetual biometric index.

Disruption—without the doom

This is not a counsel of despair. Law evolves, and so do institutions. If companies adopt ethical design, explainability, and governance early—and regulators prioritise guidance and proportionate enforcement—the disruption becomes an inflection point rather than an existential threat. The prize is a market where trust is an asset, not a cost.

Strategic Implications for Legal Advisers & Businesses

Data-provenance audits and accountability

Start with the plumbing. For any AI-enabled product or programme:

  • Map data provenance: source URLs, collection methods, timeframes, terms of use, licences.
  • Classify data: personal vs non-personal; biometric/special category vs ordinary; copyrighted/database-protected vs freely licensable.
  • Establish lawful bases: GDPR Article 6 for general personal data; Article 9 for biometrics; record your Article 30 processing activities and DPIAs for high-risk processing.
  • Implement “clean rooms” for training: segregate sensitive or unlicensed content; restrict access; log transformations; retain reproducible pipelines.
  • Minimise and secure: apply purpose limitation, retention limits, and technical safeguards.

These steps transform compliance from a one-off checklist into an operational discipline.

Cross-border reach and regulatory sequencing

The modern reality is extraterritorial enforcement:

  • GDPR Article 3 applies to non-EU entities that target EU residents or monitor behaviour. UK regulators apply similar logic under UK GDPR. See PI’s skeleton argument in ICO v Clearview for how territorial scope is analysed: Privacy International (skeleton).
  • Canada (PIPA) and other regimes adopt “real and substantial connection” tests; Alberta’s judgment shows courts will not accept “we’re abroad” as a shield.
  • United States is increasingly active at state level (biometric statutes, consumer privacy laws). Contractual controls and technical design must anticipate a mosaic of rules.

Practical takeaway: treat jurisdictional mapping and enforcement sequencing as a standing board-level risk. Your policies, notices, contracts and engineering controls should anticipate where your product will be deemed to operate—not just where your servers sit.

Governance frameworks for ethical AI

Align your operations with emerging frameworks, notably the EU AI Act (harmonised rules for AI with risk-tiering and obligations for high-risk systems).

European Commission proposal.

A pragmatic governance stack:

  • AI & Data Ethics Board — cross-functional group (legal, engineering, product, security, policy) with authority to gate deployments.
  • AI Impact Assessments — risk classification; bias testing; human oversight design; red-team testing for model misuse.
  • Data Lineage & Auditability — document sources, licences, transformations; maintain reproducible training runs.
  • Contractual Safeguards — warranties on provenance; indemnities for IP/privacy claims; audit rights; termination triggers for non-compliance.
  • Transparency & User Controls — explain model uses; provide opt-outs where feasible; honour data subject rights at scale.
  • Monitoring & Incident Response — periodic reviews; drift detection; playbooks for regulatory inquiries and takedowns.

Turning compliance into competitive advantage

Compliance is a cost if treated as an afterthought; it becomes a moat when embedded in product strategy:

  • Trust as brand: customers (and regulators) reward vendors who can prove data lineage and risk controls.
  • Faster procurement: robust documentation and governance close enterprise deals quicker.
  • Licensing leverage: when you know what rights you need, you negotiate smarter—and avoid litigation hazards.
  • Innovation with confidence: governance lets teams push boundaries without tripping over red lines.

In other words: do the hard work once; benefit in every sale thereafter.

Conclusion: The New Frontier for IP & Data Rights

AI-powered data-scraping is redrawing the map where privacy, IP, and ethics intersect. The combined force of the GDPR, national privacy laws, and upcoming AI-specific regimes signals a paradigm shift: accountability by design. The cultural stakes are equally high. If the public square is to remain vibrant, people must trust that participation does not mean permanent capture by opaque machines.

Clearview’s global tour through regulators and courts supplies a cautionary tale—and a valuable blueprint. Accessibility does not equal legality; consent must be re-imagined for scale; jurisdiction reaches the conduct, not just the company address. But there is also opportunity: organisations that operationalise ethical AI today will set the standard tomorrow.

AI is not merely a tool; it is a mirror of our legal and moral maturity. The test for global institutions—courts, companies, regulators, creators—is whether we can evolve fast enough to balance progress with principle.

How will your organisation position itself in the era when scraped datasets, AI training and biometric rights become the new frontier of value?

Author Bio

Peter Adediran is the Founder and Managing Director of PAIL® Solicitors, a London-based boutique specialising in digital media, intellectual property, and technology law. A practising solicitor since 1999, he authored the UK’s first textbook on Internet Law (Kogan Page, 2002) and has since advised global enterprises, creatives, and regulators on the intersection of law, culture, and technology. His current focus includes the legal governance of artificial intelligence, cross-border data ethics, and the integration of trust frameworks in digital innovation. Peter frequently contributes to thought-leadership forums, podcasts, and educational programmes on AI law and cultural ethics.

Selected External References

Back to top ↑

AI & Technology Law, Data Protection & Privacy, Thought Leadership, Intellectual PropertyPeter AdediranAI Regulatory Compliance Lawyers, AI Data Ethics, AI Data Scraping, GDPR Compliance, Biometric Data, Clearview AI, Intellectual Property Rights Lawyer, Peter Adediran, Thought LeadershipComment