The Dutch Data Protection Authority, Autoriteit Persoonsgegevens, has fined American face-recognition firm Clearview AI €30.5 million (US$33.8 million) for violating the General Data Protection Regulation (GDPR). The fine is likely to grow to €35.5 million due to additional penalties for non-compliance. The Dutch authority also said it was considering going after Clearview’s board of directors “personally.” The authority issued a sternly worded statement on Tuesday aimed as much at other companies trying to leverage global data as at Clearview. The Dutch regulator also said that it would pursue actions against the company’s customers. “Clearview breaks the law, and this makes using the services of Clearview illegal. Dutch organizations that use Clearview may therefore expect hefty fines from the Dutch DPA.”