Facial recognition company Clearview AI penalized by French regulator

France’s data privacy regulator CNIL has ordered Clearview AI, a facial recognition firm that has collected 10 billion images worldwide, to stop collecting and using data from people based in the European country.

In a formal demand revealed on Thursday, the CNIL stressed that Clearview’s collection of publicly-available facial images on the Internet and social media had no legal basis and breached data privacy rules of the European Union.

The French regulator said the facial recognition software company, which is used as a search engine for faces to help intelligence agencies and law enforcement in their investigations, failed to ask for the prior consent of those whose images the firm collected online.

The CNIL added that the New York-based firm failed to provide those concerned with proper access to their collected data, notably by limiting access to only twice a year without any prior justification and restricting this right to data racked up during the 12 before any request.

European Union’s law provides for citizens to seek the removal of their personal data from any privately-owned database. The CNIL said that Clearview AI had two months to abide by its demands, or the firm could face potential sanctions.