Search Privacy Fines
Browse and filter privacy enforcement fines worldwide.
53 fines found
Total: $1.8B
| Date | Company | Fine | Regulation | Authority | Country | Type | Summary |
|---|---|---|---|---|---|---|---|
| 2022-11-24 | ÉLECTRICITÉ DE FRANCE | €600K | GDPR | French Data Protection Authority (CNIL) | France | Non-compliance with subjects' rights protection safeguards | --Articles: Art. 7 GDPR, Art. 12 GDPR, Art. 13 GDPR, Art. 14 GDPR, Art. 15 GDPR, Art. 21 GDPR, Art. L. 34-5 CPCE |
| 2022-08-19 | ACCOR SA | €600K | GDPR | French Data Protection Authority (CNIL) | France | Failure to implement sufficient measures to ensure information | --Articles: Art. 12 GDPR, Art. 13 GDPR, Art. 15 GDPR, Art. 21 GDPR, Art. 32 GDPR, L. 34-5 CPCE |
| 2019-11-21 | Futura Internationale | €500K | GDPR | French Data Protection Authority (CNIL) | France | Non-compliance with subjects' rights protection safeguards | --Articles: Art. 5 GDPR, Art. 6 GDPR, Art. 13 GDPR, Art. 14 GDPR, Art. 21 GDPR |
| 2021-06-14 | Brico Prive | €500K | GDPR | French Data Protection Authority (CNIL) | France | Failure to implement sufficient measures to ensure information security | --Articles: Art. 5 (1) e) GDPR, Art. 13 GDPR, Art. 17 GDPR, Art. 32 GDPR, Art. 82 Loi informatique et libertés, Art. L. 34-5 CPCE |
| 2019-11-21 | Futura Internationale | €500K | GDPR | French Data Protection Authority (CNIL) | France | Non-compliance with subjects' rights protection safeguards | Futura Internationale was fined because after several individuals have complaine...Futura Internationale was fined because after several individuals have complained that they were cold-called by the company even after they have expressly requested not to be called again. The reason why the fine was so high relative to similar cases and fines was that the CNIL determined that the company had received a large number of letters requesting to be taken off from the call lists but decided to ignore them. More so, Futura Internationale was found to store excessive information about customers and their health data. The company did also not inform their customers about the processing of their personal data and that all telephone conversations were recorded. Articles: Art. 5 GDPR, Art. 6 GDPR, Art. 13 GDPR, Art. 14 GDPR, Art. 21 GDPR |
| 2021-07-26 | Monsanto Corporation | €400K | GDPR | French Data Protection Authority (CNIL) | France | Information obligation non-compliance | --Articles: Art. 14 GDPR, Art. 28 GDPR |
| 2019-05-28 | SERGIC | €400K | GDPR | French Data Protection Authority (CNIL) | France | Failure to implement sufficient measures to ensure information security | The company was fined because of two reasons – the complete lack of security mea...The company was fined because of two reasons – the complete lack of security measures, and excessive data storage. Regarding the former reason, personal data, including health cards, IDs, divorce judgments, and account statements were available online with no authentication procedure. Moreover, the company breached the data storage deadline it had in place and kept clients’ data for more than it should have. Articles: Art. 32 GDPR |
| 2021-11-04 | Régie autonome des transports parisiens | €400K | GDPR | French Data Protection Authority (CNIL) | France | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) c) GDPR, Art. 5 (1) e) GDPR, Art. 5 (2) GDPR, Art. 32 GDPR |
| 2019-05-28 | SERGIC | €400K | GDPR | French Data Protection Authority (CNIL) | France | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 GDPR |
| 2022-12-08 | FREE SAS | €300K | GDPR | French Data Protection Authority (CNIL) | France | Non-compliance with subjects' rights protection safeguards | --Articles: Art. 12 GDPR, Art. 15 GDPR, Art. 17 GDPR, Art. 32 GDPR, Art. 33 GDPR |
| 2021-12-28 | FREE MOBILE | €300K | GDPR | French Data Protection Authority (CNIL) | France | Failure to implement sufficient measures to ensure information security | --Articles: Art. 12 GDPR, Art. 15 GDPR, Art. 21 GDPR, Art. 25 GDPR, Art. 32 GDPR |
| 2020-08-05 | Spartoo | €250K | GDPR | French Data Protection Authority (CNIL) | France | Failure to comply with data processing principles | --Articles: Art. 5 (1) GDPR, Art. 13 GDPR, Art. 14 GDPR |
| 2022-09-13 | GIE INFOGREFFE | €250K | GDPR | French Data Protection Authority (CNIL) | France | Failure to implement sufficient measures to ensure information | --Articles: Art. 5 (1) e) GDPR, Art. 32 GDPR |
| 2019-07-25 | Active Assurances | €180K | GDPR | French Data Protection Authority (CNIL) | France | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 GDPR |
| 2019-07-25 | Active Assurances | €180K | GDPR | French Data Protection Authority (CNIL) | France | Failure to implement sufficient measures to ensure information security | The company had allowed for personal data belonging to clients (including copies...The company had allowed for personal data belonging to clients (including copies of the driver’s license) to be publicized online. Apparently, unauthorized access was detected, and the fault lies with the inappropriate security measures. Articles: Art. 32 GDPR |
| 2021-12-28 | SLIMPAY | €180K | GDPR | French Data Protection Authority (CNIL) | France | Failure to implement sufficient measures to ensure information security | --Articles: Art. 28 GDPR, Art. 32 GDPR, Art. 34 GDPR |
| 2022-07-07 | UBEEQO INTERNATIONAL | €175K | GDPR | French Data Protection Authority (CNIL) | France | Failure to comply with data processing principles | --Articles: Art. 5 (1) c) GDPR, Art. 12 GDPR |
| 2021-01-27 | Unknown | €150K | GDPR | French Data Protection Authority (CNIL) | France | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 GDPR |
| 2023-03-16 | CITYSCOOT | €125K | GDPR | French Data Protection Authority (CNIL) | France | Failure to comply with data processing principles | --Articles: Art. 5 (1) c) GDPR, Art. 28 (3) GDPR, Art. 82 Loi informatique et libertés |
| 2021-01-27 | Unknown | €75K | GDPR | French Data Protection Authority (CNIL) | France | Failure to implement sufficient measures to ensure information security | --Articles: Art. 32 GDPR |
| 2021-07-29 | Le Figaro | €50K | GDPR | French Data Protection Authority (CNIL) | France | Failure to comply with data processing principles | --Articles: Art. 5 (1) c) |
| 2021-01-05 | Nestor SAS | €20K | GDPR | French Data Protection Authority (CNIL) | France | Non-compliance with subjects' rights protection safeguards | --Articles: Art. 12 GDPR, Art. 13 GDPR |
| 2019-06-13 | Uniontrad Company | €20K | GDPR | French Data Protection Authority (CNIL) | France | Non-compliance with lawful basis for data processing | --Articles: Art. 5 (1) c) GDPR, Art. 12 GDPR, Art. 13 GDPR, Art. 32 GDPR |
| 2019-06-13 | Uniontrad Company | €20K | GDPR | French Data Protection Authority (CNIL) | France | Non-compliance with lawful basis for data processing | Complaints from the employees were received that they were unlawfully filmed in ...Complaints from the employees were received that they were unlawfully filmed in the workspace. The company failed to observe the rules pertaining to the unlawful filming of employees all the time, and the necessity of providing information related to the data processing to the employees. The CNIL performed an audit in October 2018, and the company wasn’t observing the data protection laws. Therefore, fines were issued. Articles: Art. 5 (1) c) GDPR, Art. 12 GDPR, Art. 13 GDPR, Art. 32 GDPR |
| 2020-12-07 | Perfomeclic | €7K | GDPR | French Data Protection Authority (CNIL) | France | Failure to comply with data processing principles | --Articles: Art. 5 (1) c), e) GDPR, Art. 14 GDPR, Art. 21 GDPR, Art. 28 GDPR, Art. L34-5 CPCE |