"The CNIL chair has ordered the company to cease this illegal processing and to delete the data within two months," it said in a statement.
The New York-based firm has collected over 10 billion images in its worldwide dragnet to feed them into a search engine which American law enforcement agencies use to locate suspects.
These include publicly available photos and videos of tens of millions of people in France collected without their prior consent, according to the CNIL.
The French authority argued that Clearview used the data to build a biometric template of a person’s face to make it identifiable. The vast majority of users do not know that such a mechanism exists.
"These biometric data are particularly sensitive, notably because they are linked to our physical identity (what we are) and allow us to be identified in a unique way," it said.
Clearview also breached EU rules by restricting access of users to its database to twice a year and limiting accessible data to the 12 preceding months. It also simply ignored some requests.
The decision comes just a few days after the UK regulator fined Clearview 17 million pounds ($22.7 million) for processing the data of British nationals. The controversial firm was also found to be in breach of laws in Canada and Australia.