Showing content from https://www.cnil.fr/en/investigating-and-issuing-sanctions/sanctions-issued-cnil below:
The sanctions issued by the CNIL
- Home
- The sanctions issued by the CNIL
The sanctions issued by the CNIL
02 January 2025
The sanctions issued by the CNIL’s restricted committee since the entering into force of the GDPR.
Sanctions issued in 2024 Date Type of organization Main breaches/Theme subject Adopted decision 01/09/2024 WEBSITE PUBLISHER - REVERSE LOOK-UP DIRECTORY (simplified procedure)
Failure to cooperate with the CNIL
Failure to respect the right of access
Failure to respect the right to object
Fine of €1,500
01/15/2024 LAWYER (simplified procedure) Failure to cooperate with the CNIL
Failure to respect the right of erasure Fine of €5,000 01/22/2024 LAWYER (simplified procedure)
Failure to cooperate with the CNIL
Fine of €500
01/24/2024 PHARMACEUTICAL WHOLESALE BUSINESS (simplified procedure) Lack of data security
Failure to cooperate with the CNIL
Register of processing activities
Obligation for processors to offer sufficient guarantees, recruited after authorization by the controller Fine of €20,000 01/25/2024 POLITICAL ASSOCIATION (simplified procedure)
Information of individuals and transparency (political canvassing)
Fine of €20,000 01/31/2024 PUBLISHER OF A WEBSITE OFFERING INDIVIDUALS THE OPPORTUNITY TO PUBLISH OR CONSULT REAL ESTATE ADS AND OTHER SERVICES
Lack of data security
Framework for relations between the controller and the processor
Information of individuals and transparency
Data retention periods
Fine of €100,000 01/31/2024 INDIVIDUAL (simplified procedure)
Failure to cooperate with the CNIL
Fine of €500 01/31/2024 DENTAL SURGEON (simplified procedure) Lack of data security
Failure to respect the right of access (health data) Fine of €5,000 01/31/2024 WEBSITE PUBLISHER - NEWS IN THE FIELD OF NEW TECHNOLOGIES (simplified procedure) Lack of data security Fine of €20,000 01/31/2024 COMPANY ENGAGED IN THE MARKETING AND MANAGEMENT OF LOYALTY PROGRAMS AND CARDS (simplified procedure Obligation to process data lawfully
(commercial prospecting by phone) Fine of €310,000 01/31/2024 BUSINESS SUPPORT COMPANY (simplified procedure) Lack of data security Fine of €10,000 02/29/2024 SCIENTIFIC RESEARCH AND DEVELOPMENT COMPANY (simplified procedure) Obligation to process data lawfully Fine of €10,000 02/29/2024 DENTAL SURGEON (simplified procedure) Failure to cooperate with the CNIL
Failure to respect the right of access (health data) Fine of €4,000 04/04/2024 RETAIL SALE OF TELECOMMUNICATIONS EQUIPMENT
Consent of individuals (commercial prospecting by phone - Article L. 34-5 of the French Postal and Electronic Communications Code)
Lack of legal basis
Information of individuals and transparency (art. 14)
Fine of €525,000 04/04/2024 COMPANY ENGAGED IN COMMERCIAL PROSPECTING BY E-MAIL ON BEHALF OF ADVERTISERS No response to injunction Liquidation of the penalty payment of €25,000 04/25/2024 COMPANY OPERATING SHOE AND SPORTSWEAR STORES (simplified procedure) Information of individuals and consent (cookies)
Fine of €15,000
04/25/2024 ASSOCIATION PARTICIPATING IN THE ACTIVITIES OF POLITICAL ORGANIZATIONS (simplified procedure) Lack of legal basis Fine of €16,000 euros and injunction 04/25/2024 FRENCH LITERARY REVIEW (simplified procedure) Late compliance for erasure requests (injunction procedure) Liquidation of the penalty payment of €3,000 05/23/2024 NATIONAL PUBLIC ESTABLISHMENT (TEACHING) (simplified procedure) Data minimization
Information of individuals and consent Fine of €6,000 05/23/2024 COMPANY ENGAGED IN OPTICAL RETAILING (simplified procedure) Late response to compliance order (injunction procedure) Liquidation of the penalty payment of €4,000 05/23/2024 COMPANY MANAGING A CALL PLATFORM FOR PROFESSIONAL SECRETARIAT (simplified procedure) Data minimization
Information of individuals and consent
Lack of data security Fine of €15,000 05/23/2024 COMPANY MANAGING A CALL PLATFORM FOR PROFESSIONAL SECRETARIAT (simplified procedure) Data minimization
Information of individuals and consent
Lack of data security Fine of €10,000 06/10/2024 BAKERY (simplified procedure) Information of individuals
Obligation to process data lawfully (CCTV)
Data minimization (CCTV)
Fine of €5,000
06/10/2024 COMPANY DISTRIBUTING JOURNALISTIC CONTENT (simplified procedure)
Information of individuals and consent (cookies)
Fine of €3,000 and injunction 06/10/2024 GENERAL PRACTITIONER (simplified procedure) Failure to respect the right of access (medical records)
Lack of cooperation with the CNIL Fine of €4,000 and injunction 06/27/2024 COMPANY SPECIALIZING IN PROPERTY MANAGEMENT AND COMMERCIAL OPERATIONS COMPANY BROADCASTING JOURNALISTIC CONTENT (procédure simplifiée)
Information of individuals and consent (cookies)
Fine of €12,000 07/09/2024 FRENCH MINISTRY
Data retention
Obligation to process data lawfully
Reprimand and injunction 07/22/2024 MUNICIPALITY Failure to respond to injunction and non-compliance Liquidation of the penalty payment of €6,900 07/25/2024 PRIVATE HIGHER EDUCATION ESTABLISHMENT (simplified procedure) Data minimization
Data retention
Lack of data security Fine of €20,000 08/08/2024 ENERGY BROKERAGE COMPANY (simplified procedure)
Data minimization
Information of individuals and transparency (commercial prospection)
Recording of processing activities
Fine of €20,000 and injunction 08/20/2024 WEBSITE HOST (simplified procedure) Failure to respect the right to object
Lack of cooperation with the CNIL Fine of €8,000 08/28/2024 COMPANY SPECIALIZING IN STATISTICAL STUDIES OF HEALTH DATA Authorization from the CNIL unrequested (health data wahehouse) Fine of €800,000 08/28/2024 COMPANY SPECIALIZING IN THE MANAGEMENT OF HEALTH DATA FLOWS Authorization from the CNIL unrequested (health data wahehouse) Fine of €200,000 08/29/2024 WEB PUBLISHER IN THE TRANSPORT SECTOR Obligation to perform a data protection impact assessment
Information of individuals and consent
Obligation to process data lawfully Fine of €300,000 09/05/2024 CLOTHING RETAILING COMPANY (simplified procedure) Obligation to process data lawfully
Data minimization
Information of individuals and transparency (CCTV)
Lack of cooperation with the CNIL Fine of €15,000 09/05/2024 FENCE MANUFACTURING AND INSTALLATION COMPANY (simplified procedure) Failure to respect the right to access
Lack of cooperation with the CNIL Fine of €10,000 09/05/2024 PUBLICATION AND SALE OF MANAGEMENT SOFTWARES FOR PHYSICIANS Failure to apply for a CNIL authorization (health data warehouse)
Obligation to process data lawfully Fine of €800,000 09/12/2024 COMPANY OPERATING A CASINO AND A HOTEL (simplified procedure) Information of individuals (CCTV)
Failure to respect the right of access Fine of €12,000 09/13/2024 MUNICIPALITY (simplified procedure)
Unlawful processing of data
Data retention period
Record of processing activities
Obligation to appoint a Privacy Officer
Lack of cooperation with the CNIL
Fine of €20,000 09/19/2024 ARMOURY SELLING ONLINE AND IN-STORE (simplified procedure) Data retention period
Information of individuals and transparency
Failure to respect the right of erasure
Lack of data security
Obligation to document a data breach Fine of €20,000 09/26/2024 COMPANY OFFERING IT SYSTEMS AND SOFTWARE CONSULTANCY SERVICES, SOFTWARE PUBLISHING AND PRODUCTION Lack of cooperation with the CNIL
Failure to respect the right of erasure Fine of €15,000 and injunction 09/26/2024 TRAINING ORGANISATION FOR HEALTHCARE PROFESSIONALS
Information of individuals and consent (cookies)
Failure to respect the right of erasure
Framework for relations between the controller and the processor
Lack of data security
Fine of €15,000 and injunction 09/26/2024 COMPANY OFFERING REMOTE DIVINATION SERVICES Consent of individuals (online commercial prospection)
Consent of individuals (special data category)
Data retention period
Minimisation of data Fine of €250,000 09/26/2024 COMPANY ENGAGED IN THE DEVELOPMENT AND PROVISION OF IT AND DIGITAL SERVICES Consent of individuals (online commercial prospection)
Consent of individuals (special data category)
Data retention period Fine of €150,000 09/26/2024 MARKETING COMPANY (simplified procedure) Failure to respond to the injunction and non-compliance (injunction procedure) Liquidation of penalty of €3,000 09/30/2024 ASSOCIATION FOR THE CREATION OF A PSYCHIATRIC HEALTH NETWORK (simplified procedure) Lack of cooperation with the CNIL
Failure to respect the right of access Fine of €3,000 10/10/2024 COMPANY MARKETING CRYPTOCURRENCY WALLETS Lack of data security
Data retention period Fine of €750,000 10/11/2024 ORTHOPHONIST (simplified procedure) Failure to respond to the injunction and non-compliance Liquidation of penalty of €4,000 10/17/2024 MINISTRY
Obligation to process accurate data
Information of individuals
Failure to respect the right of access
Failure to respect the right of rectification
Failure to respect the right of erasure
Reprimand and injunction 10/17/2024 MINISTRY Obligation to process accurate data
Information of people
Failure to respect the right of access
Failure to respect the right of rectification
Failure to respect the right of erasure Reprimand and injunction 10/17/2024 COMPANY ENGAGED IN THE PROVISION OF SERVICES (MANAGEMENT OF TELEPHONE CALLS) (simplified procedure) Information of individuals (CCTV and phone recording)
Failure to respect the right to object
Lack of data security Fine of €20,000 10/17/2024 DENTIST SURGEON (simplified procedure) Failure to respect the right of access (medical file)
Lack of cooperation with the CNIL Fine of €3,000 and injunction 10/23/2024 ASSOCIATION PARTICIPATING IN THE ACTIVITIES OF POLITICAL ORGANISATIONS (simplified procedure) Failure to respond to an injunction and non-compliance (injunction procedure) Liquidation of penalty of €4,000 11/14/2024
TELECOMMUNICATIONS OPERATOR
Information of individuals (cookies)
Commercial prospecting (article L. 34-5 CPCE)
Fine of €50 million and injunction 11/26/2024
IT FACILITIES MANAGEMENT COMPANY (simplified procedure)
Failure to cooperate with the CNIL Fine of €15,000 11/26/2024
ASSOCIATION PROVIDING SOCIAL SERVICES WITHOUT ACCOMMODATION AND MANAGING MEDICAL, SOCIAL AND HEALTH ESTABLISHMENTS (simplified procedure)
Failure to respect the right of access
Failure to cooperate with the CNIL
Fine of €10,000 12/05/2024 COMPANY OFFERING PRIVATE SECURITY SERVICES (simplified procedure) Minimisation of data
Information of individuals and transparency
Register of processing activities Fine of €20,000 and injunction 12/05/2024 COMPANY SPECIALISING IN THE DEVELOPMENT AND ORGANISATION OF ADVERTISING CAMPAIGNS (simplified procedure) Commercial prospecting (article L. 34-5 CPCE)
Data retention period
Information of individuals and transparency Fine of €20,000 12/05/2024 COMPANY SELLING COSMETIC PRODUCTS (simplified procedure) Obligation to process data lawfully (CCTV)
Limitation of purpose (CCTV)
Minimisation of data (CCTV)
Information of individuals Fine of €3,000 12/05/2024 CLINIC (simplified procedure) Failure to cooperate with the CNIL Fine of €15,000 12/05/2024 COMPANY DEVELOPING AND MARKETING A BROWSER EXTENSION (simplified procedure) Lack of legal basis
Data retention period
Information of individuals and transparency
Failure to respect the right of access Fine of €240,000 and injunction 12/12/2024 COMMUNICATION AND AUDIOVISUAL PRODUCTION AGENCY (simplified procedure) Transparency and information (exercise of rights)
Failure to respect the right of access Fine of €6,000 12/12/2024 RETAIL SALES COMPANY (simplified procedure) Failure to respect the right of access Fine of €18,000 12/12/2024 COMPANY CARRYING ON THE BUSINESS OF COMPARING DRIVING SCHOOLS (simplified procedure) Transparency and information (exercise of rights)
Failure to respect the right of access Fine of €10,000 12/12/2024 TWO COMPANIES OPERATING AS PRESS AGENCIES (simplified procedure) Consent of individuals (cookies) Fine of €5,000 and Fine of €5,000 12/12/2024 CLOTHING RETAIL COMPANY (simplified procedure) Consent of individuals (cookies) Fine of €5,000 12/12/2024 CLOTHING RETAIL COMPANY (simplified procedure) Consent of individuals (cookies) Fine of €3,000 12/12/2024 CLOTHING RETAIL COMPANY (simplified procedure) Consent of individuals (cookies) Fine of €20,000 12/12/2024 CLOTHING RETAIL COMPANY (simplified procedure) Consent of individuals (cookies) Fine of €10,000 12/12/2024 SOFTWARE DEVELOPMENT TOOLS AND LANGUAGES COMPANY (simplified procedure) Consent of individuals (cookies) Fine of €20,000 and injunction 12/12/2024 COMPANY OPERATING INTERNET PORTALS (simplified procedure) Consent of individuals (cookies) Fine of €20,000 and injunction 12/19/2024 PUBLIC ADMINISTRATIVE ESTABLISHMENT (simplified procedure) Failure to respect the right of access
Failure to cooperate with the CNIL Reprimand 12/19/2024 CALL CENTER (simplified procedure) Obligation to process data lawfully and with transparency
Lack of data security
Failure to cooperate with the CNIL Fine of €20,000 12/19/2024 COMPANY PROVIDING PRIVATE SECURITY, CLOSE PROTECTION, HOTESSARIAT AND LOGISTICS MANAGEMENT SERVICES (simplified procedure) Failure to cooperate with the CNIL Fine of €8,000 12/19/2024 STOMATOLOGIST (simplified procedure) Failure to respect the right of access (medical records)
Failure to cooperate with the CNIL Fine of €5,000 12/19/2024 COMPANY PUBLISHING A DEMATERIALISED GAMES WEBSITE (simplified procedure) Failure to respect the right of access Fine of €15,000 12/19/2024 COMPANY RUNNING A GYM (simplified procedure) Failure to cooperate with the CNIL Fine of €3,000 12/19/2024 COMPANY SPECIALISING IN INTERNET PORTALS (simplified procedure) Failure to respect the right of opposition
Failure to cooperate with the CNIL Fine of €5,000 12/19/2024 IT SYSTEMS AND SOFTWARE CONSULTANCY COMPANY (simplified procedure) Failure to respect the right of access Fine of €8,000 12/19/2024 COMPANY CARRYING ON ESTATE AGENCY BUSINESS Minimisation of data (CCTV)
Obligation to process data lawfully (CCTV)
Information of individuals
Lack of data security
Obligation to perform a data protection impact assessment Fine of €40,000 12/19/2024 ACCESS TO HEALTHCARE (simplified procedure) Failure to cooperate with the CNIL Fine of €5,000 12/19/2024 REGIONAL SUPPORT GROUP FOR THE DEVELOPMENT OF E-HEALTH (simplified procedure) Obligations relating to data processing in health sector
Framework for relations between the controller and the processor Fine of €20,000 12/19/2024 GENERAL PRACTITIONER (simplified procedure) No response to injunction Liquidation of the penalty payment of €2,000 12/26/2024 COMPANY OPERATING SUPERMARKETS (simplified procedure)
Minimisation of data
Register of processing activities
Obligation to carry out a data protection impact assessment Fine of €18,000 12/31/2024 AMBULANCE TRANSPORT COMPANY (simplified procedure) Failure to cooperate with the CNIL Fine of €10,000 12/31/2024 INDIVIDUALS (simplified procedure) Failure to cooperate with the CNIL Fine of €5,000 12/31/2024 COMPANY MANAGING A CONVERSATIONAL ROBOT USING ARTIFICIAL INTELLIGENCE (simplified procedure) Failure to cooperate with the CNIL Fine of €5,000 Sanctions issued in 2023 Date Type of organization Main breaches/Theme subject Adopted decision 01/23/2023 COMPUTER SYSTEMS AND SOFTWARE CONSULTING COMPANY (simplified procedure)
Failure to cooperate with the CNIL
Consent of individuals
Information of the persons
Failure to respect the right of erasure
Register of processing activities
Lack of data security
Fine of €5,000 and injunction
02/08/2023 MUNICIPALITY (simplified procedure)
Obligation to appoint a data protection officer
Failure to cooperate with the CNIL
Fine of €5,000 and injunction 02/08/2023 GENERAL PRACTITIONER (simplified procedure) Failure to respect the right of access
Failure to cooperate with the CNIL Fine of €3,000 and injunction 02/08/2023 COMPANY EXERCISING A RETAIL CLOTHING ACTIVITY IN SPECIALIZED STORES (simplified procedure) Failure to cooperate with the CNIL Fine of €10,000 and injunction 03/03/2023 COMPANY EXERCISING PRIVATE SECURITY ACTIVITY (simplified procedure)
Failure to comply with the principle of data minimization
Information to individuals
Register of processing activities
Fine of €15,000 03/16/2023 SELF-SERVICE ELECTRIC SCOOTER RENTAL COMPANY Failure to comply with the principle of data minimization
Information to individuals
Supervision of the relationship between the controller and the processor Fine of €125,000 03/28/2023 COMPUTER PROGRAMMING COMPANY (simplified procedure) Framework for the relationship between the controller and the processor
Failure to maintain data security Fine of €20,000 03/28/2023 MARKETING COMPANY (simplified procedure) Failure to cooperate with the CNIL Fine of €10,000 and injunction 04/17/2023 HOME CARE COMPANY FOR THE ELDERLY AND DISABLED
Late compliance with data anonymization (injunction procedure)
Liquidation of the penalty payment of €10,000 04/17/2023 COMPANY DEVELOPING FACIAL RECOGNITION SOFTWARE Failure to respond to the injunction Liquidation of the fine of 5,200,000 euros 05/11/2023 COMPANY PUBLISHING A WEBSITE OFFERING ARTICLES, TESTS, QUIZES AND DISCUSSION FORUMS RELATED TO HEALTH AND WELL-BEING Retention period
Consent of individuals (health data)
Relationship between data controller and data processor
Lack of data security
Consent of individuals (cookies and trackers) Amende de 380 000 euros 05/12/2023 DENTIST SURGEON (simplified procedure) Failure to respect right of access
Failure to cooperate with the CNIL Fine of €4,500 and injunction 06/08/2023 ONLINE CLEARVOYANCE Failure to comply with data minimisation principle
Retention period
Obligation to process data lawfully
Consent of individuals (sensitive data)
Informing individuals and transparency
Regulation of the relationship between the controller and the processor
Lack of data security
Obligation to document a data breach
Consent of individuals (cookies) 150,000 euro fine 06/15/2023 COMPANY SPECIALISING IN THE DISPLAY OF TARGETED ADVERTISING ON THE WEB Consent of individuals
Information and transparency
Failure to respect the right of access
Withdrawal of consent and deletion of data
Supervision of relations between joint data controllers Fine of 40 million euros 09/18/2023 AIR FREIGHT Data minimisation
Prohibition on processing special categories of personal data
Collection and processing of data relating to offences, convictions and security mesures
Lack of cooperation with the CNIL Fine of 200,000 euros 09/28/2023 FRENCH LITERARY MAGAZINE (simplified procedure) Information of individuals
Lack of cooperation with the CNIL Fine of 10,000 euros and order to comply with periodic penalty payment 09/28/2023 MANUFACTURE OF PLASTIC GOODS FOR COMMON USE (simplified procedure) Data minimisation
Information of individuals and transparency
Lack of data security Fine of 20,000 euros 09/28/2023 B2B RETAILING OF FROZEN FOOD(simplified procedure) Data minimisation
Data retention periods
Collection and processing of data relating to offences, convictions and security mesures
Information of individuals and transparency
Record of processing activities
Lack of data security Fine of 20,000 euros 09/28/2023 OPTICAL RETAILING (simplified procedure) Lack of cooperation with the CNIL Fine of 20,000 euros and order to comply with periodic penalty payment 09/28/2023 COMPUTER SYSTEMS AND SOFTWARE CONSULTING (simplified procedure) Lack of cooperation with the CNIL Fine of 20,000 euros and order to comply with periodic penalty payment 10/12/2023 CHANNELS EDITING AND PAY TELEVISION DISTRIBUTION Consent of individuals (B2C prospecting purposes)
Failure to respect the right of access
Contractual framework between controllers and processors
Data breach documentation Fine of 600,000 euros 10/23/2023 PRESS WEBSITE PUBLISHER (simplified procedure)
Right to object
Lack of cooperation with the CNIL
Fine of 5,000 euros and order to comply 10/23/2023 CHILD ABUSE PREVENTION BLOG PUBLISHER (simplified procedure) Lack of cooperation with the CNIL Fine of 2,000 euros 10/26/2023 COMPANY WHOSE MAIN ACTIVITY IS EVENT MANAGEMENT (simplified procedure)
Data minimisation
Information of individuals and transparency
Record of processing activities
Lack of data security
Fine of 2,000 euros 11/08/2023 COMPANY SPECIALISING IN THE DEVELOPMENT AND THE IMPLEMENTATION OF EMPLOYEE MONITORING SOFTWARES (simplified procedure) Lack of cooperation with the CNIL Fine of 20,000 euros 11/09/2023 FRENCH MINISTRY Purpose diversion Reprimand 11/09/2023 FRENCH MINISTRY Purpose diversion Reprimand 11/08/2023 COMPANY SPECIALISED IN THE DEVELOPMENT AND IMPLEMENTATION OF EMPLOYEE MONITORING SOFTWARES (simplified procedure) Lack of cooperation with the CNIL Fine of 20,000 euros 11/15/2023 MUNICIPALITY (simplified procedure) Lawfulness of the processing
Data retention
Lack of security of personal data Fine of 6,000 euros 11/16/2023 COMPANY INVOLVED IN BUSINESS SUPPORT ACTIVITIES, IN PARTICULAR FOR TELEVISED EVENTS (simplified procedure) Lawfulness of the processing
Purpose misuse
Lack of security of personal data Fine of 8,000 euros 11/22/2023 ORTHOPHONIST (simplified procedure) Lack of cooperation with the CNIL
Health data right of access Fine of 5,000 euros and order to comply 12/11/2023 PUBLIC FIGURE (procédure simplifiée) Lack of respect of right to object Fine of 3,000 euros and order to comply 12/11/2023 FRENCH MINISTRY Lawfulness of the processing
Data accuracy principle
Lack of security of personal data Reprimand 12/11/2023 FRENCH MINISTRY Lawfulness of the processing
Data accuracy principle
Lack of security of personal data Reprimand 12/12/2023 MUNICIPALITY Designation of a data protection officer
Lack of cooperation with the CNIL Fine of 5,000 euros et injonction 12/27/2023 ASSOCIATION PROMOTING ACTIONS WITHIN A CITY (simplified procedure) Lack of cooperation with the CNIL Fine of 5,000 euros and order to comply 12/27/2023 PAEDIATRICIAN (simplified procedure) Lack of cooperation with the CNIL Fine of 1,000 euros 12/27/2023 COMPANY SOCIAL AND ECONOMIC COMMITTEE (simplified procedure) Obligation to involve the Data Protection Officer (DPO) in data protection issues
Obligation to help the DPO carry out his duties
Obligation to allow data subjects to contact the DPO Fine of 10,000 euros 12/27/2023 LOGISTICS SUPPORT COMPANY Lack of legal basis
Data minimisation
Information of individuals and transparency
Lack of security of personal data
Fine of 32 million euros
12/29/2023 IT SYSTEMS AND SOFTWARE CONSULTANCY COMPANY Prohibition on the processor recruiting another processor without the authorisation of the controller
Lack of security of personal data Fine of 100,000 euros 12/29/2023 ONLINE PAYMENT COMPANY Data retention
Information of individuals and transparency
Lack of security of personal data
Consent of individuals (cookies)
Fine of 105,000 euros
12/29/2023
COMPANY OFFERING TELECOMMUNICATION SERVICES Information of individuals and transparency
Consent of individuals (cookies) Fine of 10 million euros 12/29/2023 COMPANY PROVIDING ONLINE COMPETITIONS AND PRODUCT TESTS Lawfulness of the processing (commercial prospecting)
Record of processing activities Fine of 75,000 euros and order to comply Sanctions issued in 2022 Date Type of organization Main breaches/Theme subject Adopted decision 01/02/2022 VEHICLE MAINTENANCE AND REPAIR COMPANY
Failure to cooperate with the CNIL
Fine of €3,000 and injunction
03/21/2022 RESTAURANT
Failure to respect the principle of data minimization
Duration of conservation
Information of the persons
Register of processing activities
Cooperation with CNIL services
Lack of data security
Fine of €10,000 03/24/2022 NOTARY Partial compliance with the injunction issued Liquidation of the fine of €1,000 04/15/2022 APPLICATION SOFTWARE PUBLISHING COMPANY Obligation to regulate the relationship between the controller and the processor
Obligation for the processor to process data only on the instructions of the controller
Failure to maintain data security Fine of €1,500,000 06/23/2022 ELECTRICITY AND GAZ PRODUCER & PROVIDER
L 34-5 CPCE
Failure to provide information
Exercise of rights
Failure to respect the right of access
Failure to respect the right to object
Administrative fine of one million euros 06/13/2022 VEHICLE MAINTENANCE AND REPAIR COMPANY Failure to cooperate with the CNIL Liquidation of the fine of €3,900 07/07/2022 VEHICLE RENTAL COMPANY Inadequacy, irrelevance and excessive nature of data
Length of retention
Information to individuals Fine of 175,000 euros 08/03/2022 COMPANY SPECIALIZING IN THE HOTEL SECTOR L 34-5 CPCE
Consent of individuals
Failure to inform
Failure to respect the right of access
Failure to respect the right of opposition
Security and confidentiality of data Fine of 600,000 euros 09/08/2022 ECONOMIC INTEREST GROUPING OF THE CLERKS OF THE COMMERCIAL COURTS OF FRANCE
Data retention periods
Failure to secure personal data
Fine of 250,000 euros 10/17/2022 COMPANY DEVELOPING FACIAL RECOGNITION SOFTWARE
Failure to determine a legal basis
Failure to respect the right of access
Failure to respect the right of erasure
Fine of 20,000,000 euros and injunction 10/11/2022 COMPANY DEVELOPING VOICE OVER IP SOFTWARE AND INSTANT MESSAGING Data retention periods
Transparency
Failure to inform
Data protection by default
Obligation to conduct a privacy impact assessment
Failure to secure personal data Fine of 800,000 euros 11/24/2022 ENERGY, GAZ AND RELATED SERVICES PROVIDER L 34-5 CPCE - commercial prospecting
Failure to inform
Transparency
Failure to respect the right to object
Failure to respect the right of access
Failure to secure personal data
Fine of 600,000 euros
11/30/2022 PHONE OPERATOR
Exercice of rights
Failure to respect the right of access
Failure to respect the right of erasure
Obligation to document data
Fine of 300,000 euros and injunction 12/19/2022 COMPANY SELLING OPERATING SYSTEMS, APPLICATION SOFTWARE, HARDWARE AND RELATED SERVICES Consent of individuals (cookies and tracking devices) Fine of 60,000,000 euros and injunction 12/20/2022 COMPANY MARKETING A BUSINESS CONTACT EXTENSION Failure to dermine a legal basis
Failure to respect the right of access Dismissal 12/29/2022 A COMPANY THAT DEVELOPS AND MARKETS CONSUMER ELECTRONICS, PERSONAL COMPUTERS AND SOFTWARE Failure to respect the right of access
Lack of cooperation with the CNIL Fine of 8,000,000 euros 12/29/2022 PHYSICIAN (simplified procedure) Failure to respect the right of access
Lack of cooperation with the CNIL Fine of 5,000 euros 12/29/2022 PHYSICIAN (simplified procedure) Failure to respect the right of access
Lack of cooperation with the CNIL Fine of 5,000 euros 12/29/2022 UNIVERSITY (simplified procedure) Failure to respect the right of access
Lack of cooperation with the CNIL Fine of 10,000 euros 12/29/2022 COMPANY DEVELOPING MANAGEMENT SOFTWARE AND MARKETING SOFTWARE FOR LOCAL AUTHORITIES (simplified procedure)
Failure to comply with the data minimisation principle
Data retention period
Failure to inform
Failure to secure personal data
Fine of 15,000 euros 12/29/2022 COMPANIES OPERATING A RANGE OF CONTENT DISTRIBUTION PLATFORMS Consent of individuals (cookies and tracking devices) Fine of 5,000,000 euros 12/29/2022 MOBILE GAMES DEVELOPMENT COMPANY Consent of individuals (cookies and tracking devices) Fine of 3,000,000 euros Sanctions issued in 2021 Date Type of organization Main breaches/ Theme subject Adopted decision 01/06/2021 OPTICAL RETAIL TRADE
Failure to respect the exercise of individuals' rightsdata security deficiency
€250,000 financial penalty and injunction under penalty payment
01/11/2021 IT SOLUTIONS DEVELOPMENT COMPANY Lack of data security Financial penalty of €75,000 01/12/2021 MINISTRY
Lawfulness of the treatment
Lack of impact assessment
Lack of information to individuals
Call to order and injunction
06/03/2021 APPLICATION SOFTWARE PUBLISHING COMPANY
Lack of data securityillegality of
processed data
Financial penalty of €10,000 06/14/2021 COMPANY PUBLISHING A PRIVATE SALES WEBSITE DEDICATED TO DIY, GARDENING AND HOME IMPROVEMENT
Retention periods
Failure to
inform individuals
Failure to comply with requests for deletion of data
Failure to keep data secure
Consent for commercial prospecting
Financial penalty of €500,000 and injunctions 07/20/2020 INSURANCE
Duration of retention lack of
Information to individuals
Financial penalty of €1,750,000
07/26/2021 COMPANY SPECIALISED IN AGRICULTURAL BIOTECHNOLOGY
Failure to inform individuals - obligation to
Regulate relations with a subcontractor
Financial penalty of €400,000 07/27/2021 PRESS Consent of individuals (cookies)
Financial penalty of €50,000
09/15/2021 ADVERTISING COMPANY
Failure to comply with requests to rectify data
Failure to comply with erasure requests
lack of a register of processing activities
Cooperation with the CNIL
Financial penalty of €3,000 09/24/2021 MINISTRY
Lawfulness of the processing - retention period -
accuracy of the data
Lack of data security
Failure to inform individuals Call to order and injunction 10/21/2021 NOTARY Cooperation with the CNIL Financial penalty of 3,000 euros and injunction 10/28/2021 PRIVATE ORGANIZATION Failure to comply with injunction issued Liquidation of the penalty payment of €65,000 10/29/2021 PUBLIC ESTABLISHMENT OF AN INDUSTRIAL AND COMMERCIAL NATURE
Failure to comply with the principles of data minimization and responsibility for data retention
Lack of data security
Financial penalty of €400,000
12/28/2021 PAYMENT INSTITUTION
Obligation to regulate relationships with subcontractors
Failure to maintain data security
Obligation to notify individuals of a data breach
Financial penalty of €180,000 12/28/2021 TELEPHONE OPERATOR
Failure to respect the right of access
Failure to respect the right of rectification
Failure to respect the right to object
Obligation to protect data by design
Failure to ensure data security
Financial penalty of €300,000 12/30/2021 SALE OF FURNITURE ON THE INTERNET AND IN STORES
Retention period
Failure to inform individuals
Failure to comply with deletion requests
Obligation to regulate relations with subcontractors
Failure to ensure data security
Financial penalty of €120,000 12/31/2021 INTERNET SERVICES (SEARCH ENGINE, VIDEO PLATFORM, ETC.) Cookie refusal mechanism Financial penalty of €150,000,000 and injunction 12/31/2021 SOCIAL NETWORK
Cookie refusal mechanism
Failure to inform individuals
Financial penalty of €60,000,000 and injunction Sanctions issued in 2020 Date Type of organization Main breaches/ Theme subject Adopted decision 07/28/2020 E-BUSINESS Failure to comply with the data minimisation principle; failure to comply with the retention period; failure to inform individuals; failure to ensure data security and confidentiality
250,000 financial penalty and injunction under penalty payment
09/03/2020 POLITICAL ASSOCIATION Failure to cooperate with the CNIL services Dismissal 09/03/2020 POLITICAL FIGURE Breach of the obligation to process data lawfully Reprimand 09/03/2020 ADMINISTRATION Breach of the obligation to process data lawfully Reprimand 11/18/2020 LARGE RETAILING Failure to retain data; failure to exercise rights; failure to inform individuals; failure to provide access, erasure and objection rights; failure to ensure data security and confidentiality; failure to use cookies Financial penalty of €2,250,000 11/18/2020 BANK
Failure to process data fairly; failure to inform individuals; failure to use cookies
Financial penalty of €800,000
11/18/2020 COOPERATIVE OF RETAIL TRADERS Failure to ensure data security Financial penalty of €150,000 12/03/2020 TAXI COMPANY Failure to cooperate with the CNIL services Financial penalty of €3,000 12/07/2020 TECHNOLOGY SERVICES COMPANY Failure to comply with cookies; failure to inform individuals; failure to obtain consent; failure to exercise the right to object Financial penalties of €60 million and €40 million and injunctions under penalty 12/07/2020 E-COMMERCE COMPANY Failure to comply with cookies; failure to inform individuals €35 million fine and injunction under penalty 12/07/2020 PHYSICIAN Breach of the obligation to ensure data security; breach of the obligation to notify a data breach Financial penalty of €3,000 12/07/2020 PHYSICIAN Breach of the obligation to ensure data security; breach of the obligation to notify a data breach Financial penalty of €6,000 12/07/2020 COLD CALLING COMPANY Failure to obtain consent; failure to ensure the adequacy, relevance and non-excessiveness of the personal data processed by the company; failure to comply with the retention period; failure to inform individuals; failure to comply with the right to object; failure to provide a contractual framework for the processor Financial penalty of €7,300 and injunction under penalty payment 12/07/2020 HOME-BASED CHILDCARE COMPANY Failure to comply with the data minimisation principle; failure to comply with the retention period; failure to comply with the obligation to ensure data security Injunction under penalty payment 12/08/2020 MEAL DELIVERY COMPANY Breach of the obligation to obtain consent; breach of the obligation to inform individuals; breach of the obligation to respect the right of access; breach of the obligation to ensure data security €20,000 and an injunction under penalty payment Sanctions issued in 2019 Date Name or type of organization Main breaches/ Theme subject Adopted decision
1/21/2019
OS AND SERVICES
Lack of transparency, unsatisfying information and lack of valid consent
Monetary penalty of 50 000 000 euros
1/31/2019
ONLINE SEARCH ENGINE
De-listing
Dropping of charges
1/31/2019
PROPERTY MANAGEMENT COMPANY
Security and personal data retention period
Dropping of charges
1/31/2019
NATIONAL PUBLIC ADMINISTRATION
Personal data security breach
Injunction with periodic penalty payment
5/28/2019
PROPERTY MANAGEMENT COMPANY
Personal data security breach and non-compliance with the retention periods
Monetary penalty of 400 000 euros
6/13/2019 TRANSLATION COMPANY
Inadequate and excessive data, irrelevant, unsatisfying information, personal data security breach
Video surveillance Monetary penalty of 20 000 euros, injunction with periodic penalty payment 7/18/2019 INSURANCE INTERMEDIARY COMPANY
Personal data security breach
Monetary penalty of 180 000 euros 10/10/2019 EARLY CHILDHOOD PHOTOGRAPHY COMPANY
Failure to comply with the rights of access and to erasure, data security and confidentiality breach
Monetary penalty 11/21/2019 ISOLATION EQUIPMENT INSTALLATION COMPANY Inadequate, irrelevant and excessive data, lack of individual information, non-compliance with the right to object, lack of cooperation with the supervisory authority, no legal data transfer outside the UE Monetary penalty of 500 000 euros 30/12/2019 HELP TO DISABLED AND ELDERLY INDIVIDUALS
Infringements on data retention limitation principle
Unsatisfying information
Infringements to the obligation of security by processor
Monetary penaly, injunction with periodic penalty payment Sanctions issued in 2018 Date Name or type of organization Main breaches / Theme subject Adopted decision
1/8/2018
HOUSEHOLD APPLIANCES RETAIL
Personal data security breach
Website
Monetary penalty
5/7/2018
OPTICAL RETAIL
Personal data security breach
Website
Monetary penalty
6/21/2018
ASSOCIATION
Personal data security breach
Website
Monetary penalty
6/26/2018 PROXIMITY FREIGHT TRANSPORT ROAD Failure to comply with the rights of access (especially on tachograph data) Injunction with periodic penalty payment 7/24/2018 PRESS GROUP Personal data security breach and non-compliance with the retention periods Monetary penalty of 400 000 euros 7/24/2018 VIDEO-SHARING PLATFORM
Personal data security breach
Website Monetary penalty 7/24/2018 SOCIAL BUILDING CONSTRUCTION & MANAGEMENT Personal data misuse Monetary penalty 7/24/2018 METAL TREATMENT AND COATING COMPANY Lack of answer to an order to comply from the CNIL Monetary penalty 9/6/2018 ASSOCIATION
Personal data security breach
Website Monetary penalty 9/6/2018 ELEVATORS AND PARKING CCTV
Excessive data, unsatisfying information, lack of personal data security and confidentiality
Phone communication recording/Biometrics Monetary penalty 12/19/2018 PRIVATE TRANSPORTS COMPANY
Personal data security breach
Mobile application Monetary penalty 12/26/2018 TELECOM PROVIDER
Personal data security breach
Website Monetary penalty This can also interest you ...
RetroSearch is an open source project built by @garambo
| Open a GitHub Issue
Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo
HTML:
3.2
| Encoding:
UTF-8
| Version:
0.7.3