What a UK court has ruled based on EU law is not necessarily what an EU court would rule. They may well state that Clearview is a commercial partner of foreign law enforcement and therefore not protected (because it’s not the foreign law enforcement itself doing the data harvesting, but a commercial firm intending to make money).
Besides, the UK court clearly ruled that the law did apply, but that Clearview wasn’t in breach. This wasn’t a jurisdiction issue, as you asserted initially.