The sanctions issued by the CNIL

22 December 2020

The sanctions issued by the CNIL’s restricted committee since the entering into force of the GDPR.

Sanctions issued in 2021
Date	Type d'organisme	Manquements principaux / Thème	Décision adoptée
06/01/2021	OPTICAL RETAIL TRADE	Failure to respect the exercise of individuals' rightsdata security deficiency	€250,000 financial penalty and injunction under penalty payment
11/01/2021	IT SOLUTIONS DEVELOPMENT COMPANY	Lack of data security	Financial penalty of €75,000
12/01/2021	MINISTRY	Lawfulness of the treatment Lack of impact assessment Lack of information to individuals	Call to order and injunction
03/06/2021	APPLICATION SOFTWARE PUBLISHING COMPANY	Lack of data securityillegality of processed data	Financial penalty of €10,000
14/06/2021	COMPANY PUBLISHING A PRIVATE SALES WEBSITE DEDICATED TO DIY, GARDENING AND HOME IMPROVEMENT	Retention periods Failure to inform individuals Failure to comply with requests for deletion of data Failure to keep data secure Consent for commercial prospecting	Financial penalty of €500,000 and injunctions
20/07/2020	INSURANCE	Duration of retention lack of Information to individuals	Financial penalty of €1,750,000
26/07/2021	COMPANY SPECIALISED IN AGRICULTURAL BIOTECHNOLOGY	Failure to inform individuals - obligation to Regulate relations with a subcontractor	Financial penalty of €400,000
27/07/2021	PRESS	Consent of individuals (cookies)	Financial penalty of €50,000

Sanctions issued in 2020

Date	Type d'organisme	Manquements principaux / Thème	Décision adoptée
28/07/2020	E-BUSINESS	Failure to comply with the data minimisation principle; failure to comply with the retention period; failure to inform individuals; failure to ensure data security and confidentiality	250,000 financial penalty and injunction under penalty payment
03/09/2020	POLITICAL ASSOCIATION	Failure to cooperate with the CNIL services	Dismissal
03/09/2020	POLITICAL FIGURE	Breach of the obligation to process data lawfully	Call to order
03/09/2020	ADMINISTRATION	Breach of the obligation to process data lawfully	Call to order
18/11/2020	LARGE RETAILING	Failure to retain data; failure to exercise rights; failure to inform individuals; failure to provide access, erasure and objection rights; failure to ensure data security and confidentiality; failure to use cookies	Financial penalty of €2,250,000
18/11/2020	BANK	Failure to process data fairly; failure to inform individuals; failure to use cookies	Financial penalty of €800,000
18/11/2020	COOPERATIVE OF RETAIL TRADERS	Failure to ensure data security	Financial penalty of €150,000
03/12/2020	TAXI COMPANY	Failure to cooperate with the CNIL services	Financial penalty of €3,000
07/12/2020	TECHNOLOGY SERVICES COMPANY	Failure to comply with cookies; failure to inform individuals; failure to obtain consent; failure to exercise the right to object	Financial penalties of €60 million and €40 million and injunctions under penalty
07/12/2020	E-COMMERCE COMPANY	Failure to comply with cookies; failure to inform individuals	€35 million fine and injunction under penalty
07/12/2020	PHYSICIAN	Breach of the obligation to ensure data security; breach of the obligation to notify a data breach	Financial penalty of €3,000
07/12/2020	PHYSICIAN	Breach of the obligation to ensure data security; breach of the obligation to notify a data breach	Financial penalty of €6,000
07/12/2020	COLD CALLING COMPANY	Failure to obtain consent; failure to ensure the adequacy, relevance and non-excessiveness of the personal data processed by the company; failure to comply with the retention period; failure to inform individuals; failure to comply with the right to object; failure to provide a contractual framework for the processor	Financial penalty of €7,300 and injunction under penalty payment
08/12/2020	HOME-BASED CHILDCARE COMPANY	Failure to comply with the data minimisation principle; failure to comply with the retention period; failure to comply with the obligation to ensure data security	Injunction under penalty payment
08/12/2020	MEAL DELIVERY COMPANY	Breach of the obligation to obtain consent; breach of the obligation to inform individuals; breach of the obligation to respect the right of access; breach of the obligation to ensure data security	€20,000 and an injunction under penalty payment

Sanctions issued in 2019

Sanctions issued in 2018

Keywords associated to this article

#Sanctions

This can also interest you ...

Cookies: penalty of 50,000 euros against SOCIETE DU FIGARO

The CNIL restricted committee has imposed a fine of 50,000 euros on SOCIETE DU FIGARO for installing advertising cookies from the lefigaro.fr website without obtaining the prior ...

Lobbying file: penalty of 400,000 euros against MONSANTO

The CNIL has imposed a fine of 400,000 euros on MONSANTO for not having informed the individuals whose data were recorded in a file for lobbying purposes.

Termination of the injunction against AMAZON

By a decision dated 8 July 2021, the CNIL’s restricted committee closed the injunction issued against AMAZON EUROPE CORE on 7 December 2020.