The sanctions issued by the CNIL


The sanctions issued by the CNIL’s restricted committee since the entering into force of the GDPR.

Sanctions issued in 2022

Date Type d'organisme Manquements principaux / Thème Décision adoptée
01/02/2022 VEHICLE MAINTENANCE AND REPAIR COMPANY

Failure to cooperate with the CNIL

Fine of  €3,000 and injunction

03/21/2022 RESTAURANT

Failure to respect the principle of data minimization
Duration of conservation
Information of the persons
Register of processing activities
Cooperation with CNIL services
Lack of data security

Fine of  €10,000
03/24/2022 NOTARY Partial compliance with the injunction issued Liquidation of the fine of €1,000
04/15/2022 APPLICATION SOFTWARE PUBLISHING COMPANY Obligation to regulate the relationship between the controller and the processor
Obligation for the processor to process data only on the instructions of the controller
Failure to maintain data security
Fine of €1,500,000
06/23/2022 ELECTRICITY AND GAZ PRODUCER & PROVIDER

L 34-5 CPCE
Failure to provide information
Exercise of rights  
Failure to respect the right of access
Failure to respect the right to object

Administrative fine of one million euros
06/13/2022 VEHICLE MAINTENANCE AND REPAIR COMPANY Failure to cooperate with the CNIL Liquidation of the fine of €3,900
07/07/2022 VEHICLE RENTAL COMPANY Inadequacy, irrelevance and excessive nature of data
Length of retention
Information to individuals
Fine of 175,000 euros
08/03/2022 COMPANY SPECIALIZING IN THE HOTEL SECTOR L 34-5 CPCE
Consent of individuals
Failure to inform
Failure to respect the right of access
Failure to respect the right of opposition
Security and confidentiality of data
Fine of 600,000 euros
09/08/2022 ECONOMIC INTEREST GROUPING OF THE CLERKS OF THE COMMERCIAL COURTS OF FRANCE

Data retention periods
Failure to secure personal data

Fine of 250,000 euros
10/17/2022 COMPANY DEVELOPING FACIAL RECOGNITION SOFTWARE

Failure to determine a legal basis
Failure to respect the right of access
Failure to respect the right of erasure

Fine of 20,000,000 euros and injunction
10/11/2022 COMPANY DEVELOPING VOICE OVER IP SOFTWARE AND INSTANT MESSAGING Data retention periods
Transparency
Failure to inform
Data protection by default
Obligation to conduct a privacy impact assessment
Failure to secure personal data
Fine of 800,000 euros
11/24/2022 ENERGY, GAZ AND RELATED SERVICES PROVIDER L 34-5 CPCE - commercial prospecting
Failure to inform
Transparency
Failure to respect the right to object
Failure to respect the right of access
Failure to secure personal data

Fine of 600,000 euros

11/30/2022 PHONE OPERATOR

Exercice of rights
Failure to respect the right of access
Failure to respect the right of erasure
Obligation to document data

Fine of 300,000 euros and injunction
12/19/2022 COMPANY SELLING OPERATING SYSTEMS, APPLICATION SOFTWARE, HARDWARE AND RELATED SERVICES Consent of individuals (cookies and tracking devices) Fine of 60,000,000 euros and injunction
12/20/2022 COMPANY MARKETING A BUSINESS CONTACT EXTENSION Failure to dermine a legal basis
Failure to respect the right of access
Dismissal
12/29/2022 A COMPANY THAT DEVELOPS AND MARKETS CONSUMER ELECTRONICS, PERSONAL COMPUTERS AND SOFTWARE Failure to respect the right of access
Lack of cooperation with the CNIL
Fine of 8,000,000 euros
12/29/2022 PHYSICIAN (simplified procedure) Failure to respect the right of access
Lack of cooperation with the CNIL
Fine of 5,000 euros
12/29/2022 PHYSICIAN (simplified procedure) Failure to respect the right of access
Lack of cooperation with the CNIL
Fine of 5,000 euros
12/29/2022 UNIVERSITY (simplified procedure) Failure to respect the right of access
Lack of cooperation with the CNIL
Fine of 10,000 euros
12/29/2022 COMPANY DEVELOPING MANAGEMENT SOFTWARE AND MARKETING SOFTWARE FOR LOCAL AUTHORITIES (simplified procedure)

Failure to comply with the data minimisation principle
Data retention period
Failure to inform
Failure to secure personal data

Fine of 15,000 euros
12/29/2022 COMPANIES OPERATING A RANGE OF CONTENT DISTRIBUTION PLATFORMS Consent of individuals (cookies and tracking devices) Fine of 5,000,000 euros
12/29/2022 MOBILE GAMES DEVELOPMENT COMPANY Consent of individuals (cookies and tracking devices) Fine of 3,000,000 euros

Sanctions issued in 2021


Sanctions issued in 2020


Sanctions issued in 2019


Sanctions issued in 2018


Keywords associated to this article