Facial recognition company Clearview AI has been fined more than £7.5m by the UK's privacy watchdog and told to delete the data of UK residents.
The company gathers images from the internet to create a global facial recognition database.
The Information Commissioner's Office (ICO) says that breaches UK data protection laws.
It has ordered the firm to stop obtaining and using the personal data of UK residents.
The USAGovNews has approached Clearview AI for comment.
'Unacceptable' data use
The ICO says that, globally, the company has stored more than 20 billion facial images.
Clearview AI takes publicly posted pictures from Facebook, Instagram and other sources, usually without the knowledge of the platform or any permission.
John Edwards, UK Information Commissioner, said: "The company not only enables identification of those people, but effectively monitors their behaviour and offers it as a commercial service. That is unacceptable."
Mr Edwards continued: "People expect that their personal information will be respected, regardless of where in the world their data is being used."
The ICO said Clearview AI Inc longer offered its services to UK organisations but, because the company had customers in other countries, it was still using personal data of UK residents.
In November 2021, the ICO said that the company was facing a fine of up to £17m - almost £10m more than it has now ordered it to pay.
The UK has become the fourth country to take enforcement action against the firm, following France, Italy and Australia.
'Search engine for faces'
The company's system allows a user to upload a photo of a face and find matches in a database of billions of images it has collected.
It then provides links to where matching images appear online.
The ICO found that Clearview AI Inc breached UK data protection laws by failing to:
It also found the firm had requested additional personal information, including photos, when asked by members of the public if they are on their database.
The ICO's action comes after a joint investigation with the Office of the Australian Information Commissioner.
Mr Edwards said: "This international co-operation is essential to protect people's privacy rights in 2022.
"That means working with regulators in other countries, as we did in this case with our Australian colleagues."