A federal appeals court has overturned the class-action settlement that would have given millions of people a potential financial interest in Clearview AI, the facial-recognition company accused of collecting their biometric information without permission.
The July 13, 2026, decision does not establish that Clearview violated biometric privacy law. Nor does it permanently reject the unusual settlement structure negotiated by the company and class counsel.
Instead, the U.S. Court of Appeals for the Seventh Circuit found a fundamental defect in how different groups of class members were represented.
Under the proposed settlement, Illinois residents would have received ten settlement shares. Residents of California, New York, and Virginia would have received five shares. People who belonged only to the nationwide class would receive one share.
Yet every class representative who approved that allocation also belonged to one of the more favorably treated state classes. Nobody represented only the nationwide group receiving the smallest recovery.
The Seventh Circuit concluded that class members receiving the greater benefits could not simultaneously represent those receiving substantially less. It vacated the district court’s approval and returned the case to federal court in Illinois for further proceedings.
The result means the parties may negotiate a revised settlement, appoint separate representation for the nationwide class, pursue further litigation, or propose a materially different resolution.
For Clearview, however, the appellate ruling does more than reopen a class-action settlement.
It brings renewed attention to one of the most consequential privacy controversies of the modern surveillance economy: whether photographs placed on the public internet can be collected at enormous scale, converted into permanent biometric identifiers, and placed inside a facial-search system without the knowledge or consent of the people depicted.
The Settlement Was Based on Clearview’s Future Value
The proposed agreement was unlike a conventional class-action settlement.
Clearview was not offering an immediate cash fund capable of paying substantial damages to the potentially enormous class. According to the appellate opinion, initial negotiations failed because Clearview was an undercapitalized company that could not make the large immediate payment sought by the plaintiffs.
The parties eventually developed a settlement based on what amounted to a future equity interest in Clearview.
If Clearview completed an initial public offering, merger, consolidation, or sale, the class would become entitled to a payment equivalent to a 23% stake in the company as measured under the settlement.
A court-appointed settlement master would also have alternatives. The settlement interest could be sold to a third party at a commercially reasonable price, or the settlement master could demand an amount based on 17% of Clearview’s qualifying revenue accumulated during the applicable period.
At a previously reported company valuation of approximately $225 million, the 23% interest was described as being worth about $51.75 million. But that value was theoretical.
Clearview could increase in value, making the class interest worth more. It could fail, enter bankruptcy, never go public, or never complete a qualifying transaction, making the interest worth considerably less—or potentially nothing.
The structure reflected a practical litigation problem: even a class with potentially valuable legal claims may recover little if the defendant lacks sufficient assets to satisfy a judgment.
The Appeals Court Did Not Reject the Equity Concept
The Seventh Circuit did not rule that an equity-based class settlement is inherently improper.
The court recognized that uncertainty is unavoidable when a settlement depends on a company’s future performance. It also acknowledged that continued litigation could have exhausted Clearview’s assets, potentially leaving successful plaintiffs as unsecured creditors with little meaningful recovery.
Likewise, the court did not reject the agreement solely because it offered monetary relief without additional restrictions on Clearview’s business. It observed that a separate 2022 settlement with the American Civil Liberties Union had already imposed substantial restrictions on Clearview’s ability to provide its database to private parties.
The appellate court did, however, flag a separate financial issue for the district court to address if the parties return with a similar agreement.
The district judge had not independently examined Clearview’s revenue statements or made a finding about the likely value of the settlement’s cash-demand alternative. The Seventh Circuit said that if a substantially similar settlement is proposed on remand, the district court should review Clearview’s finances directly and make appropriate findings concerning that option.
The core reason for reversal remained representation.
Why the Class Allocation Failed
The settlement divided claimants into five groups:
- An Illinois subclass
- A California subclass
- A New York subclass
- A Virginia subclass
- A nationwide class
The state groups asserted different privacy, biometric, publicity, and consumer-protection claims. The nationwide class relied principally on broader claims such as unjust enrichment.
Those differences could justify different settlement values. Illinois residents, for example, asserted claims under the Illinois Biometric Information Privacy Act, one of the strongest biometric privacy statutes in the United States.
The Seventh Circuit did not hold that every class member had to receive the same number of shares.
It held that when groups have materially different interests, the less-favored group must receive adequate and independent representation during the settlement process.
Illinois class members were allocated ten shares. California, New York, and Virginia residents were allocated five. Nationwide-only class members received one.
None of the eight original class representatives agreed to the settlement. Replacement representatives were later appointed, but every approving representative belonged to one of the favored state subclasses. No attorney involved in negotiating the settlement was charged solely with protecting the interests of the nationwide-only group.
That arrangement did not provide the structural assurance of fair representation required in class litigation.
The ruling is therefore narrower than some headlines may suggest.
The settlement was not overturned because Clearview necessarily deserved to pay more, because every class member had an identical claim, or because a future equity interest is always unacceptable.
It was overturned because the people receiving the least favorable allocation lacked their own representative at the negotiating table.
The Settlement Created an Unusual Privacy Paradox
Although the court did not reject the future-interest structure, the agreement creates an undeniable tension.
People alleging that Clearview improperly used their biometric information would receive a larger recovery if Clearview became more successful and valuable.
In effect, the class’s financial recovery would partly depend on the continued commercial growth of the same facial-recognition business challenged in the lawsuit.
That does not automatically make the arrangement unfair. As the Seventh Circuit recognized, the alternative may have been continued litigation against a company unable to satisfy a large judgment.
But it illustrates the difficult economics of privacy litigation.
A defendant may face claims worth substantially more in theory than the company can pay in practice. Plaintiffs must then decide whether to seek injunctive relief, force the company toward insolvency, accept a discounted cash resolution, or obtain some interest in future growth.
The Clearview settlement attempted to convert an alleged privacy injury into a contingent financial asset.
The appellate court left open whether that concept can survive with better representation and more rigorous financial review.
What Clearview AI Actually Does
Clearview describes its product as a facial-recognition platform for law enforcement, government agencies, military organizations, and approved contractors.
The company says its database now contains more than 70 billion facial images collected from publicly available internet sources, including social media, news websites, mugshot repositories, and other online sources.
The product operates as a search engine for faces.
A user uploads an image containing an unidentified person. Clearview converts the face into a mathematical representation and searches for potential matches in its database. Results may link back to the online locations where corresponding images appeared.
Those source pages can reveal more than a person’s name.
Depending on the context, a facial search could expose employment history, social relationships, religious activity, political participation, geographic movements, news coverage, dating profiles, adult content, or other sensitive associations. The Seventh Circuit expressly recognized that a search may reveal identity as well as personal relationships and political or religious affiliations.
That capability explains both the product’s appeal to investigators and the severity of the privacy concerns surrounding it.
Public Photographs Are Not the Same as Public Biometrics
Clearview’s central privacy controversy arises from a distinction that is frequently lost in debates about web scraping.
A person may place a photograph on a public website. That does not necessarily mean the person expects the image to be collected by an unrelated company, converted into a biometric template, retained indefinitely, and made searchable through a law-enforcement identification system.
The photograph was visible.
The biometric search infrastructure did not yet exist from the individual’s perspective.
This distinction matters because biometric processing changes what can be done with the source material.
A photograph on a professional profile may be difficult to locate unless someone already knows the person’s name. Facial recognition reverses that process. A stranger can begin with the face and use it to discover the identity, profile, and associated internet history.
The processing therefore creates a new identification capability rather than merely copying the original image.
Privacy regulators in several countries have rejected the position that publicly accessible photographs can automatically be repurposed for mass facial recognition without legal restrictions.
The Illinois BIPA Claims
The class litigation included claims under Illinois’ Biometric Information Privacy Act.
BIPA generally requires covered private entities to provide notice and obtain written consent before collecting or obtaining biometric identifiers or biometric information. The statute also establishes requirements involving retention, destruction, disclosure, and safeguarding.
Unlike most U.S. privacy statutes, BIPA provides a private right of action, allowing affected people to bring lawsuits directly rather than waiting for a government regulator.
That combination made Illinois the center of Clearview’s U.S. legal exposure.
The plaintiffs alleged that Clearview collected faceprints from online images without providing the required notice or obtaining consent. Clearview denied wrongdoing, and the appellate ruling did not decide the underlying merits of those claims.
BIPA’s importance extends beyond Illinois.
Because one company cannot easily separate every Illinois face from a global internet database, enforcement under a single state law can influence nationwide product design.
That is exactly what occurred in a separate lawsuit brought by the ACLU and other organizations.
The 2022 ACLU Settlement Restricted Clearview’s Business
In May 2022, Clearview entered a settlement resolving a separate Illinois lawsuit filed by the ACLU and organizations representing communities that could face heightened risks from facial surveillance.
Under that agreement, Clearview was permanently prohibited from making its faceprint database available to most private businesses and private individuals across the United States, subject to limited exceptions.
The company was also prohibited for five years from providing database access to Illinois state and local government entities, including law enforcement. It agreed to maintain an opt-out mechanism for Illinois residents and to stop offering individual police officers free trial accounts without the knowledge or approval of their agencies.
That settlement explains why the later nationwide agreement focused primarily on financial relief.
Clearview’s private-sector access had already been significantly restricted by the ACLU case, reducing the amount of additional injunctive relief the multidistrict plaintiffs could realistically obtain through settlement.
Clearview today markets its platform primarily to federal, state, and local law enforcement, government agencies, military organizations, and their contractors.
Canadian Regulators Called It Mass Surveillance
Clearview’s legal difficulties have not been limited to the United States.
In 2021, federal and provincial Canadian privacy authorities concluded that the company’s scraping of billions of online photographs represented mass surveillance and violated Canadian privacy laws.
The investigation found that Clearview collected highly sensitive biometric information without the knowledge or consent of individuals. Regulators said the database included Canadians and children, most of whom had never been involved in criminal activity.
Clearview argued that consent was unnecessary because the images were publicly available and that Canadian privacy laws should not apply to the U.S.-based company. The regulators rejected those arguments, noting that Clearview collected images of Canadians, marketed its service to Canadian law enforcement, and had created dozens of Canadian accounts.
Authorities recommended that Clearview stop collecting Canadian images and delete previously collected images and biometric templates. Clearview exited the Canadian market but disputed key findings and did not demonstrate willingness to implement all of the regulators’ recommendations.
A separate Canadian investigation found that the Royal Canadian Mounted Police had violated privacy law through its use of Clearview, reinforcing that responsibility can extend to the government agency using the product—not only the vendor that built it.
Australia Ordered Clearview to Stop Collection and Delete Images
Australia’s privacy regulator reached a similar conclusion.
In 2021, the Office of the Australian Information Commissioner found that Clearview violated the Australian Privacy Act by collecting biometric information without consent, collecting information through unfair means, failing to provide adequate notice, failing to take appropriate steps regarding accuracy, and lacking sufficient privacy-governance systems.
The regulator ordered Clearview to stop collecting facial images and biometric templates from people in Australia and to destroy existing Australian data.
The Australian decision emphasized several characteristics that distinguish facial biometrics from ordinary personal information:
- Biometric identity data cannot simply be reissued like a password.
- A compromised facial template may create lasting risk.
- Facial matching can produce misidentification.
- People whose images appear online do not reasonably expect an unrelated company to convert them into searchable biometric profiles.
- Indiscriminate collection can affect personal freedom even when most people will never be connected to a criminal investigation.
Clearview challenged the decision, but Australia’s regulator stated in 2024 that the original determination remained in force, including the requirement to stop collecting and delete Australian facial information.
European Regulators Have Imposed Major Penalties
Clearview has also faced sustained enforcement under European privacy law.
France’s data protection authority ordered the company in 2021 to stop collecting and processing personal data relating to people in France without a lawful basis and to address rights involving access and deletion. The CNIL later imposed a 20 million euro penalty after Clearview failed to comply with the earlier order.
In September 2024, the Dutch Data Protection Authority imposed a 30.5 million euro fine and potential additional penalties exceeding 5 million euros. The Dutch regulator concluded that Clearview had created an illegal biometric database, lacked a lawful basis, failed to provide adequate transparency, and did not properly facilitate access requests.
The Dutch authority also warned organizations in the Netherlands that using Clearview’s services could itself be unlawful.
The message is significant for customers of AI technology.
Purchasing access from a vendor does not transfer all compliance responsibility to that vendor. An agency or company using biometric search must establish its own legal authority, necessity, proportionality, transparency, retention, security, and oversight.
Clearview’s UK Jurisdiction Fight Continues
The United Kingdom’s Information Commissioner fined Clearview approximately £7.5 million in 2022 and issued an enforcement notice concerning the scraping of images of UK residents.
Clearview challenged the action, initially obtaining a favorable jurisdictional ruling from the First-tier Tribunal.
In October 2025, the UK Upper Tribunal reversed key parts of that reasoning. It concluded that Clearview’s processing related to monitoring the behavior of UK residents and did not automatically fall outside UK data protection law merely because the company supplied services to foreign government and law-enforcement customers.
The matter was sent back for consideration of the substantive appeal. Clearview subsequently received permission to pursue a further appeal.
The UK litigation highlights one of the most important unresolved questions in global AI enforcement:
How effectively can a national regulator control an overseas company that collects data remotely and does not maintain a conventional local establishment?
Facial recognition, web scraping, and AI training do not respect geographic borders. A company can collect a person’s information from another continent, process it on foreign infrastructure, and sell access to customers elsewhere.
Regulators are increasingly responding by asserting jurisdiction based on the people being monitored rather than the physical location of the company.
The Database Keeps Growing Despite the Enforcement Record
Clearview’s business has not disappeared.
The company currently says its facial network contains more than 70 billion images and promotes its service as an investigative tool for public safety, criminal investigations, national security, defense, and public defenders.
Clearview says facial matches should be used as investigative leads rather than as the sole basis for arrest or legal action. It also emphasizes testing, accuracy, security, and government-focused controls.
Supporters point to cases in which facial recognition has helped identify suspects, locate victims, revive cold cases, or exonerate wrongly accused people. The Seventh Circuit noted both the concerns surrounding surveillance and racial inequity and the technology’s reported role in solving crimes and exonerating innocent people.
These benefits do not eliminate the privacy questions.
They make responsible governance more important.
A useful technology can still be collected unlawfully, deployed disproportionately, accessed without authorization, or relied upon without adequate verification.
Facial Recognition Creates Several Distinct Privacy Risks
Permanent Identification
Passwords, account numbers, and identification cards can be replaced.
A person cannot replace their face.
When a biometric template is exposed or repurposed, the risk can persist throughout the person’s life.
Identification Without Participation
Traditional identification often requires cooperation: presenting a document, providing a fingerprint, entering credentials, or looking into a controlled camera.
A face-search platform may identify someone remotely using an image captured without their awareness.
Contextual Exposure
A facial match can lead to the source pages where photographs appeared.
Those pages may reveal sensitive relationships, political participation, religious associations, prior employment, health circumstances, or personal activities.
Function Creep
A database initially marketed for serious criminal investigations can later be used for immigration enforcement, retail surveillance, employee screening, fraud prevention, access control, political intelligence, or other purposes.
The risk changes when the original purpose expands.
Misidentification
A facial-recognition result is probabilistic.
Poor-quality images, demographic performance differences, lookalikes, outdated photographs, and investigator confirmation bias can contribute to incorrect matches.
Human review is necessary but does not automatically eliminate automation bias.
Chilling Effects
People may behave differently when they believe every public appearance can be connected to a permanent, searchable identity profile.
That can affect protest, religious observance, medical visits, political activity, association, and ordinary movement in public.
“Publicly Available” Is Not a Complete Compliance Strategy
Clearview’s history offers a broader lesson for every company training AI systems with internet data.
Public accessibility is relevant, but it is not a universal exemption from privacy law.
Organizations must still consider:
- Whether the material contains personal or biometric information
- Whether collection is compatible with the original context
- Whether a lawful basis exists
- Whether people reasonably expect the new use
- Whether sensitive information is inferred
- Whether notice is required
- Whether individuals can exercise access, deletion, or objection rights
- Whether retention is necessary
- Whether the processing creates disproportionate harm
- Whether foreign privacy laws apply
The internet is not a rights-free training database.
A person may publish content for friends, professional visibility, journalism, creative expression, or participation in public life. That does not necessarily authorize every downstream commercial use.
What Organizations Using Facial Recognition Should Do
Companies and public agencies evaluating facial recognition should apply enhanced governance before deployment.
Define the Permitted Purpose
The organization should identify the exact problem the system is intended to solve.
“Security” or “fraud prevention” is generally too broad to support meaningful controls.
Establish Legal Authority
The organization should determine whether notice, consent, statutory authorization, judicial approval, collective-bargaining consultation, or another legal condition is required.
Conduct a Privacy and Human-Rights Assessment
The assessment should address necessity, proportionality, affected populations, accuracy, bias, alternatives, security, retention, misuse, and potential chilling effects.
Review the Vendor’s Data Sources
The customer should know how the vendor acquired its reference database, which jurisdictions are represented, what rights individuals have, and whether collection has been challenged by regulators.
Limit Access
Only trained and authorized users should be able to conduct searches. Every search should be connected to a legitimate case or business purpose and recorded in an auditable log.
Require Independent Confirmation
A facial match should not be treated as conclusive identity evidence.
Organizations should require corroboration through independent investigative information.
Establish Retention Rules
Probe images, search results, candidate lists, audit records, and biometric templates should not be retained indefinitely without a documented need.
Create Rights and Complaint Procedures
People need a practical method to ask whether their information is held, challenge an incorrect match, request deletion where applicable, and report misuse.
Monitor the Law Continuously
Biometric regulation is expanding at the state, national, and international levels. A deployment permitted in one jurisdiction may be prohibited or heavily restricted in another.
What Happens Next in the Clearview Litigation?
The case returns to the U.S. District Court for the Northern District of Illinois.
The parties may propose another settlement with separate representatives and counsel for the nationwide-only class. They could alter the share allocation, revise the revenue option, provide additional cash or nonmonetary relief, or abandon the existing structure.
If a similar agreement is presented, the district court will need to scrutinize Clearview’s financial condition and the projected value of the cash-demand mechanism more closely.
The plaintiffs could also resume litigation, although that would create substantial costs, delay, and the risk that Clearview would be unable to satisfy a large judgment.
The appellate court expressed no view that one particular outcome is required.
It required a process in which the people receiving the least favorable treatment have someone exclusively responsible for protecting their interests.
The Captain Compliance Perspective
Clearview’s story is a case study in how privacy risk compounds. As we spoke about on one of our recent webinars about a water mane break that could have been prevented but instead it built up and exploded causing a Detroit suburb to go without water for weeks. Privacy is kind of like that you know?
It began with data collection at a scale few individuals understood. That collection produced biometric profiles. The profiles enabled a new identification product. The product spread across customers and jurisdictions. Litigation followed. Regulators issued findings, fines, deletion orders, and market restrictions. Years later, courts are still trying to determine how millions of affected people can receive meaningful relief from a company that may lack the resources to pay the theoretical value of the claims.
Organizations developing AI systems should not assume that legal and financial consequences arise only when information is breached.
Privacy liability can begin with the collection itself.
Captain Compliance helps organizations identify AI and biometric processing, conduct privacy impact assessments, document lawful purposes, govern vendors, establish retention rules, manage individual rights, assign controls, and preserve audit-ready evidence.
The goal is to address the risk before the database reaches billions of records and before remediation becomes technically, legally, and financially unmanageable.
The Seventh Circuit’s decision does not resolve whether Clearview ultimately owes compensation to the nationwide class.
It does make one principle clear:
When a company’s business is built from the identities of millions of people, those people cannot be treated as one undifferentiated group when their legal rights—and the value assigned to those rights—are materially different.
Frequently Asked Questions
What did the Seventh Circuit decide?
The court vacated approval of the Clearview AI class-action settlement because nationwide-only class members lacked separate representation even though they were allocated substantially fewer settlement shares than members of certain state subclasses.
Did the court find Clearview liable for violating privacy law?
No. The decision concerned approval of the settlement and adequate class representation. It did not decide the ultimate merits of the biometric privacy allegations.
What would the settlement have provided?
The class could receive a payment tied to a 23% interest in Clearview following an IPO, merger, consolidation, or sale. The settlement master also had options involving a third-party sale or a revenue-based cash demand.
Why did different class members receive different shares?
The class members asserted claims under different state laws with potentially different strength and value. Illinois residents asserting BIPA claims received the highest allocation.
Did the court reject settlements based on company equity?
No. The Seventh Circuit found no inherent problem with monetary relief structured as an equity-style interest, given Clearview’s limited ability to make a large immediate payment.
How does Clearview obtain facial images?
Clearview says it collects facial images from publicly available web sources, including social media, news media, mugshot websites, and other online sources.
Why can public photographs still create privacy concerns?
Converting a photograph into a biometric template makes the person searchable by face and may expose identity, relationships, affiliations, and other contextual information that was not easily discoverable from the original photograph alone.
What restrictions did the ACLU settlement impose?
The 2022 settlement prohibited Clearview from providing its database to most private entities nationwide and temporarily restricted access by Illinois government agencies. It also required an Illinois opt-out program and other controls.
Has Clearview faced international enforcement?
Yes. Privacy authorities in Canada, Australia, France, the Netherlands, and the United Kingdom have pursued investigations, findings, orders, penalties, or litigation concerning Clearview’s practices. The procedural status and enforceability of those actions vary by jurisdiction.
What should companies do before using facial recognition?
They should establish a lawful and narrowly defined purpose, conduct a privacy impact assessment, examine the vendor’s data sources, restrict access, require independent match verification, establish retention limits, document rights procedures, and monitor applicable biometric laws.