FrEnCookies manager
  1. Home
  2. Commercial prospecting: FORIOU fined €310,000

Commercial prospecting: FORIOU fined €310,000

05 March 2024

On 31 January 2024, the CNIL fined FORIOU 310,000 euros for using data supplied by data brokers for commercial prospecting purposes, without ensuring that the individuals concerned had given their valid consent.

Information background

FORIOU carries out phone prospecting campaigns in order to promote the loyalty programs and cards it markets. Data of solicited prospects are purchased by the company from data brokers and publishers of competition and product testing websites.

On the basis of the findings made during the investigations, the restricted committee - the CNIL body responsible for issuing sanctions - considered that the misleading appearance of the data collection forms used by data brokers responsible for collecting the data did not allow valid consent to be obtained from the individuals concerned. FORIOU therefore had no legal basis for using this data for canvassing purposes, in breach of the provisions of Article 6 of the General Data Protection Regulation (GDPR).

The Commission imposed a fine of 310,000 euros on the company, which was made public.

The amount of the fine, which represents around 1% of the company's turnover, was decided in the light of the seriousness of the breach and the responsibility assumed by the organisation using the data collected.

Lack of free and unambiguous consent, and inadequate information

In order to carry out its phone prospecting campaigns, FORIOU purchases prospect data from several data brokers. Data are collected by the data brokers via participation forms for competitions or online product testing on various websites.

The restricted committee considers that the misleading appearance of these forms makes it impossible to obtain free and unambiguous consent, as required o by the GDPR, which would provide a basis for the company's canvassing operations.

Examples of forms used by data brokers:

FORIOU - Form examples

 

Click on the image or here to open the PDF

Indeed, the prominence given to the buttons requiring users to transmit their data for commercial prospecting purposes (by their size, colour, title and location), compared with the hypertext links enabling users to take part in the game without accepting this transmission (of a much smaller size and blending in with the body of the text), strongly encourages users to accept.

It is up to the company, as the user of the data collected, to ensure that the individuals concerned have expressed valid consent. In this respect, the restricted committee noted that, although the company had imposed certain contractual requirements on its data suppliers upstream, no effective control of these requirements was carried out downstream. Thus, the CNIL noted a significant proportion of non-compliant prospect files.

In addition, the competition forms from which the prospective customers' data was collected did not systematically mention FORIOU in the list of partners likely to approach the individuals concerned.

Texte reference

The decision (in French)

Texte reference

Official texts

Texte reference

Read more

This can also interest you ...

Commercial prospecting: HUBSIDE.STORE fined €525,000
On April 4th 2024, the CNIL fined HUBSIDE.STORE 525,000 euros for having used data supplied by data ...
09 April 2024
Sanctions
Data retention period and data security: the CNIL fined PAP 100,000 euros
On January 31, 2024, the CNIL imposed a penalty of 100,000 euros on PAP, publisher of the pap.fr (De...
13 February 2024
Sanctions
UBER: Dutch data protection authority imposes €10 million fine
On December 11th 2023, in cooperation with the CNIL, the Dutch data protection authority fined Uber ...
31 January 2024
Sanctions