France’s data protection authority (DPA) announced Wednesday it issued a fine of 5.2 million euros (then-U.S. $5.7 million) against facial recognition company Clearview AI last month for failing to comply with an October order to cease and desist from further violations of the General Data Protection Regulation (GDPR).

Clearview AI collects photographs from websites and then sells access to the database of images together with a search engine that can identify people. The company advertises the capabilities as helpful to law enforcement and security, but organizations and governments have raised concerns—and issued orders—that Clearview AI’s tools endanger the privacy of citizens and run afoul of regulations like the GDPR.

The company was ordered in October to stop including photos of French residents in its databases and to pay €20 million (then-U.S. $19.6 million). The French DPA, CNIL, said then if Clearview AI didn’t comply with the order within two months, it would have to pay additional fines up to €100,000 per day.

“Clearview AI had two months to comply with the order and to justify compliance to the CNIL. However, the company did not send any proof of compliance within this time limit,” the regulator said in a press release.

On April 13, the CNIL found Clearview AI hadn’t complied with its order and decided to impose the overdue penalty.

The run-in with the CNIL in October was Clearview AI’s fourth with a European DPA. The company was also penalized last year by data privacy regulators in Greece, Italy, and the United Kingdom.

U.S.-based Clearview AI has stated in response to these penalties it does not have any place of business or customers in the European Union.

Clearview AI did not respond to a request for comment.