The sanctions issued by the CNIL
The sanctions issued by the CNIL’s restricted committee since the entering into force of the GDPR.
Date | Type of organization | Main breaches/Theme subject | Adopted decision |
---|---|---|---|
01/09/2024 | WEBSITE PUBLISHER - REVERSE LOOK-UP DIRECTORY (simplified procedure) |
Failure to cooperate with the CNIL |
Fine of €1,500 |
01/15/2024 | LAWYER (simplified procedure) | Failure to cooperate with the CNIL Failure to respect the right of erasure |
Fine of €5,000 |
01/22/2024 | LAWYER (simplified procedure) |
Failure to cooperate with the CNIL |
Fine of €500 |
01/24/2024 | PHARMACEUTICAL WHOLESALE BUSINESS (simplified procedure) | Lack of data security Failure to cooperate with the CNIL Register of processing activities Obligation for processors to offer sufficient guarantees, recruited after authorization by the controller |
Fine of €20,000 |
01/25/2024 | POLITICAL ASSOCIATION (simplified procedure) |
Information of individuals and transparency (political canvassing) |
Fine of €20,000 |
01/31/2024 | PUBLISHER OF A WEBSITE OFFERING INDIVIDUALS THE OPPORTUNITY TO PUBLISH OR CONSULT REAL ESTATE ADS AND OTHER SERVICES |
Lack of data security |
Fine of €100,000 |
01/31/2024 | INDIVIDUAL (simplified procedure) |
Failure to cooperate with the CNIL |
Fine of €500 |
01/31/2024 | DENTAL SURGEON (simplified procedure) | Lack of data security Failure to respect the right of access (health data) |
Fine of €5,000 |
01/31/2024 | WEBSITE PUBLISHER - NEWS IN THE FIELD OF NEW TECHNOLOGIES (simplified procedure) | Lack of data security | Fine of €20,000 |
01/31/2024 | COMPANY ENGAGED IN THE MARKETING AND MANAGEMENT OF LOYALTY PROGRAMS AND CARDS (simplified procedure | Obligation to process data lawfully (commercial prospecting by phone) |
Fine of €310,000 |
01/31/2024 | BUSINESS SUPPORT COMPANY (simplified procedure) | Lack of data security | Fine of €10,000 |
02/29/2024 | SCIENTIFIC RESEARCH AND DEVELOPMENT COMPANY (simplified procedure) | Obligation to process data lawfully | Fine of €10,000 |
02/29/2024 | DENTAL SURGEON (procédure simplifiée) | Lack of data security Failure to respect the right of access (health data) |
Fine of €4,000 |
04/04/2024 | RETAIL SALE OF TELECOMMUNICATIONS EQUIPMENT | Consent of individuals (commercial prospecting by phone - Article L. 34-5 of the French Postal and Electronic Communications Code) Défaut de base légale Information des personnes (art. 14) et transparence |
Fine of €525,000 |
04/04/2024 | COMPANY ENGAGED IN COMMERCIAL PROSPECTING BY E-MAIL ON BEHALF OF ADVERTISERS | No response to injunction | Liquidation of the penalty payment of €25,000 |
04/25/2024 | COMPANY OPERATING SHOE AND SPORTSWEAR STORES (simplified procedure) | Information of individuals and consent (cookies) |
Fine of €15,000 |
04/25/2024 | ASSOCIATION PARTICIPATING IN THE ACTIVITIES OF POLITICAL ORGANIZATIONS (simplified procedure) | Lack of legal basis | Fine of €16,000 euros and injunction |
04/25/2024 | FRENCH LITERARY REVIEW (simplified procedure) | Late compliance for erasure requests (injunction procedure) | Liquidation of the penalty payment of €3,000 |
05/23/2024 | NATIONAL PUBLIC ESTABLISHMENT (TEACHING) (simplified procedure) | Data minimization Information of individuals and consent |
Fine of €6,000 |
05/23/2024 | COMPANY ENGAGED IN OPTICAL RETAILING (simplified procedure) | Late response to formal notice (injunction procedure) | Liquidation of the penalty payment of €4,000 |
05/23/2024 | COMPANY MANAGING A CALL PLATFORM FOR PROFESSIONAL SECRETARIAT (simplified procedure) | Data minimization Information of individuals and consent Lack of data security |
Fine of €15,000 |
05/23/2024 | COMPANY MANAGING A CALL PLATFORM FOR PROFESSIONAL SECRETARIAT (simplified procedure) | Data minimization Information of individuals and consent Lack of data security |
Fine of €10,000 |
06/10/2024 | BAKERY (simplified procedure) | Information of individuals Obligation to process data lawfully (CCTV) Data minimization (CCTV) |
Fine of €5,000 |
06/10/2024 | COMPANY DISTRIBUTING JOURNALISTIC CONTENT (simplified procedure) |
Information of individuals and consent (cookies) |
Fine of €3,000 and injunction |
06/10/2024 | GENERAL PRACTITIONER (simplified procedure) | Failure to respect the right of access (medical records) Lack of cooperation with the CNIL |
Fine of €4,000 and injunction |
06/27/2024 | COMPANY SPECIALIZING IN PROPERTY MANAGEMENT AND COMMERCIAL OPERATIONS COMPANY BROADCASTING JOURNALISTIC CONTENT (procédure simplifiée) |
Information of individuals and consent (cookies) |
Fine of €12,000 |
07/09/2024 | FRENCH MINISTRY |
Data retention |
Call to order and injunction |
07/22/2024 | MUNICIPALITY | Failure to respond to injunction and non-compliance | Liquidation of the penalty payment of €6,900 |
07/25/2024 | PRIVATE HIGHER EDUCATION ESTABLISHMENT (simplified procedure) | Data minimization Data retention Lack of data security |
Fine of €20,000 |
08/08/2024 | ENERGY BROKERAGE COMPANY (simplified procedure) |
Data minimization |
Fine of €20,000 and injunction |
08/20/2024 | WEBSITE HOST (simplified procedure) | Failure to respect the right to object Lack of cooperation with the CNIL |
Fine of €8,000 |
08/28/2024 | COMPANY SPECIALIZING IN STATISTICAL STUDIES OF HEALTH DATA | Authorization from the CNIL unrequested (health data wahehouse) | Fine of €800,000 |
08/28/2024 | COMPANY SPECIALIZING IN THE MANAGEMENT OF HEALTH DATA FLOWS | Authorization from the CNIL unrequested (health data wahehouse) | Fine of €200,000 |
08/29/2024 | WEB PUBLISHER IN THE TRANSPORT SECTOR | Obligation to perform a data protection impact assessment Information of individuals and consent Obligation to process data lawfully |
Fine of €300,000 |
09/05/2024 | CLOTHING RETAILING COMPANY (simplified procedure) | Obligation to process data lawfully Data minimization Information of individuals and transparency (CCTV) Lack of cooperation with the CNIL |
Fine of €15,000 |
09/05/2024 | FENCE MANUFACTURING AND INSTALLATION COMPANY (simplified procedure) | Failure to respect the right to access Lack of cooperation with the CNIL |
Fine of €10,000 |
09/05/2024 | PUBLICATION AND SALE OF MANAGEMENT SOFTWARES FOR PHYSICIANS | Failure to apply for a CNIL authorization (health data warehouse) Obligation to process data lawfully |
Fine of €800,000 |
09/12/2024 | COMPANY OPERATING A CASINO AND A HOTEL (simplified procedure) | Information of individuals (CCTV) Failure to respect the right of access |
Fine of €12,000 |
09/13/2024 | MUNICIPALITY (simplified procedure) |
Unlawful processing of data |
Fine of €20,000 |
09/19/2024 | ARMOURY SELLING ONLINE AND IN-STORE (simplified procedure) | Data retention period Information of people and transparency Failure to respect the right of erasure Lack of data security Obligation to document a data breach |
Fine of €20,000 |
09/26/2024 | COMPANY OFFERING IT SYSTEMS AND SOFTWARE CONSULTANCY SERVICES, SOFTWARE PUBLISHING AND PRODUCTION | Lack of cooperation with the CNIL Failure to respect the right of erasure |
Fine of €15,000 and injunction |
09/26/2024 | TRAINING ORGANISATION FOR HEALTHCARE PROFESSIONALS |
Information of people and consent (cookies) |
Fine of €15,000 and injunction |
09/26/2024 | COMPANY OFFERING REMOTE DIVINATION SERVICES | Consent of people (online commercial prospection) Consent of people (special data category) Data retention period Minimisation of data |
Fine of €250,000 |
09/26/2024 | COMPANY ENGAGED IN THE DEVELOPMENT AND PROVISION OF IT AND DIGITAL SERVICES | Consent of people (online commercial prospection) Consent of people (special data category) Data retention period |
Fine of €150,000 |
09/26/2024 | MARKETING COMPANY (simplified procedure) | Failure to respond to the injunction and non-compliance (injunction procedure) | Liquidation of penalty of €3,000 |
09/30/2024 | ASSOCIATION FOR THE CREATION OF A PSYCHIATRIC HEALTH NETWORK (simplified procedure) | Lack of cooperation with the CNIL Failure to respect the right of access |
Fine of €3,000 |
10/10/2024 | COMPANY MARKETING CRYPTOCURRENCY WALLETS | Lack of data security Data retention period |
Fine of €750,000 |
10/11/2024 | ORTHOPHONIST (simplified procedure) | Failure to respond to the injunction and non-compliance | Liquidation of penalty of €4,000 |
10/17/2024 | MINISTRY |
Obligation to process accurate data |
Call to order and injunction |
10/17/2024 | MINISTRY | Obligation to process accurate data Information of people Failure to respect the right of access Failure to respect the right of rectification Failure to respect the right of erasure |
Call to order and injunction |
10/17/2024 | COMPANY ENGAGED IN THE PROVISION OF SERVICES (MANAGEMENT OF TELEPHONE CALLS) (simplified procedure) | Information of people (CCTV and phone recording) Failure to respect the right to object Lack of data security |
Fine of €20,000 |
10/17/2024 | DENTIST SURGEON (simplified procedure) | Failure to respect the right of access (medical file) Lack of cooperation with the CNIL |
Fine of €3,000 and injunction |
10/23/2024 | ASSOCIATION PARTICIPATING IN THE ACTIVITIES OF POLITICAL ORGANISATIONS (simplified procedure) | Failure to respond to an injunction and non-compliance (injunction procedure) | Liquidation of penalty of €4,000 |