A US facial recognition company is being threatened with a fine of £17 million for breaching UK data protection law.

Clearview AI gathered photos of people from social media platforms including Facebook and Twitter, then sold its software to companies, police and universities.

It is said to have more than ten billion images indexed from the internet and British law enforcement services used it on a 'free trial' basis at one point.

The Information Commissioner's Office (ICO) has today announced its provisional intent to impose a potential fine of just over £17 million on Clearview AI Inc - a company that describes itself as the 'world's largest facial network'.

Elizabeth Denham, UK Information Commissioner, said: "I have significant concerns that personal data was processed in a way that nobody in the UK will have expected. It is therefore only right that the ICO alerts people to the scale of this potential breach and the proposed action we're taking.

"Clearview AI Inc's services are no longer being offered in the UK. However, the evidence we've gathered and analysed suggests Clearview AI Inc were and may be continuing to process significant volumes of UK people's information without their knowledge."

Today's announcement follows a joint investigation by the ICO and the Office of the Australian Information Commissioner.

Investigators focused on Clearview AI Inc's use of images, data scraped from the internet and the use of biometrics for facial recognition.

Customers of Clearview AI Inc can also provide an image to the company to carry out biometric searches, including facial recognition searches, on their behalf to identify relevant facial image results against a database of over ten billion images.

The images are likely to have been gathered without people's knowledge from publicly available information online, including social media platforms.

The ICO understands that the service provided by Clearview AI Inc was used on a free trial basis by a number of UK law enforcement agencies, but that this trial was discontinued and Clearview AI Inc's services are no longer being offered in the UK.

The ICO's preliminary view is that Clearview AI Inc appears to have failed to comply with UK data protection laws and failed to process the information of people in the UK in a way they are likely to expect or consider fair.

Clearview AI Inc now has the opportunity to make representations in respect of these alleged breaches.