US-based facial recognition company Clearview AI will likely be fined roughly $22.6 million for serious breaches of the UK’s data protection laws. The penalty was announced yesterday by the UK’s Information Commissioner’s Office (ICO). ICO issued a provisional notice to Clearview that it must stop processing personal data taken from UK residents and delete any of this data in its possession. The announcement of the fine and provisional notice follows a joint investigation conducted by the ICO and the Office of the Australian Information Commissioner (OAIC).

Clearview claims to have the largest database of facial images, containing more than 10 billion images sourced from public-only web sources, including the news media, social media, mugshot websites, and other open sources. The company offers services such as web-based intelligence and allows law enforcement to generate high-quality investigative leads by searching images of a suspect’s face. The ICO and OAIC investigation found that the company failed to comply with UK data protection laws, such as failure to process the information of UK residents in a way that is fair or expected, failure to have a process in place to prevent data from being retained indefinitely, and failure to have a lawful reason for collecting information.

Read More: Clearview AI to be Fined $22.6m for Breaching UK Data Protection Laws