01/09/2024 |
WEBSITE PUBLISHER - REVERSE LOOK-UP DIRECTORY (simplified procedure) |
Failure to cooperate with the CNIL
Failure to respect the right of access
Failure to respect the right to object
|
Fine of €1,500
|
01/15/2024 |
LAWYER (simplified procedure) |
Failure to cooperate with the CNIL
Failure to respect the right of erasure |
Fine of €5,000 |
01/22/2024 |
LAWYER (simplified procedure) |
Failure to cooperate with the CNIL
|
Fine of €500
|
01/24/2024 |
PHARMACEUTICAL WHOLESALE BUSINESS (simplified procedure) |
Lack of data security
Failure to cooperate with the CNIL
Register of processing activities
Obligation for processors to offer sufficient guarantees, recruited after authorization by the controller |
Fine of €20,000 |
01/25/2024 |
POLITICAL ASSOCIATION (simplified procedure) |
Information of individuals and transparency (political canvassing)
|
Fine of €20,000 |
01/31/2024 |
PUBLISHER OF A WEBSITE OFFERING INDIVIDUALS THE OPPORTUNITY TO PUBLISH OR CONSULT REAL ESTATE ADS AND OTHER SERVICES |
Lack of data security
Framework for relations between the controller and the processor
Information of individuals and transparency
Data retention periods
|
Fine of €100,000 |
01/31/2024 |
INDIVIDUAL (simplified procedure) |
Failure to cooperate with the CNIL
|
Fine of €500 |
01/31/2024 |
DENTAL SURGEON (simplified procedure) |
Lack of data security
Failure to respect the right of access (health data) |
Fine of €5,000 |
01/31/2024 |
WEBSITE PUBLISHER - NEWS IN THE FIELD OF NEW TECHNOLOGIES (simplified procedure) |
Lack of data security |
Fine of €20,000 |
01/31/2024 |
COMPANY ENGAGED IN THE MARKETING AND MANAGEMENT OF LOYALTY PROGRAMS AND CARDS (simplified procedure |
Obligation to process data lawfully
(commercial prospecting by phone) |
Fine of €310,000 |
01/31/2024 |
BUSINESS SUPPORT COMPANY (simplified procedure) |
Lack of data security |
Fine of €10,000 |
02/29/2024 |
SCIENTIFIC RESEARCH AND DEVELOPMENT COMPANY (simplified procedure) |
Obligation to process data lawfully |
Fine of €10,000 |
02/29/2024 |
DENTAL SURGEON (simplified procedure) |
Failure to cooperate with the CNIL
Failure to respect the right of access (health data) |
Fine of €4,000 |
04/04/2024 |
RETAIL SALE OF TELECOMMUNICATIONS EQUIPMENT |
Consent of individuals (commercial prospecting by phone - Article L. 34-5 of the French Postal and Electronic Communications Code)
Lack of legal basis
Information of individuals and transparency (art. 14)
|
Fine of €525,000 |
04/04/2024 |
COMPANY ENGAGED IN COMMERCIAL PROSPECTING BY E-MAIL ON BEHALF OF ADVERTISERS |
No response to injunction |
Liquidation of the penalty payment of €25,000 |
04/25/2024 |
COMPANY OPERATING SHOE AND SPORTSWEAR STORES (simplified procedure) |
Information of individuals and consent (cookies) |
Fine of €15,000
|
04/25/2024 |
ASSOCIATION PARTICIPATING IN THE ACTIVITIES OF POLITICAL ORGANIZATIONS (simplified procedure) |
Lack of legal basis |
Fine of €16,000 euros and injunction |
04/25/2024 |
FRENCH LITERARY REVIEW (simplified procedure) |
Late compliance for erasure requests (injunction procedure) |
Liquidation of the penalty payment of €3,000 |
05/23/2024 |
NATIONAL PUBLIC ESTABLISHMENT (TEACHING) (simplified procedure) |
Data minimization
Information of individuals and consent |
Fine of €6,000 |
05/23/2024 |
COMPANY ENGAGED IN OPTICAL RETAILING (simplified procedure) |
Late response to compliance order (injunction procedure) |
Liquidation of the penalty payment of €4,000 |
05/23/2024 |
COMPANY MANAGING A CALL PLATFORM FOR PROFESSIONAL SECRETARIAT (simplified procedure) |
Data minimization
Information of individuals and consent
Lack of data security |
Fine of €15,000 |
05/23/2024 |
COMPANY MANAGING A CALL PLATFORM FOR PROFESSIONAL SECRETARIAT (simplified procedure) |
Data minimization
Information of individuals and consent
Lack of data security |
Fine of €10,000 |
06/10/2024 |
BAKERY (simplified procedure) |
Information of individuals
Obligation to process data lawfully (CCTV)
Data minimization (CCTV) |
Fine of €5,000
|
06/10/2024 |
COMPANY DISTRIBUTING JOURNALISTIC CONTENT (simplified procedure) |
Information of individuals and consent (cookies)
|
Fine of €3,000 and injunction |
06/10/2024 |
GENERAL PRACTITIONER (simplified procedure) |
Failure to respect the right of access (medical records)
Lack of cooperation with the CNIL |
Fine of €4,000 and injunction |
06/27/2024 |
COMPANY SPECIALIZING IN PROPERTY MANAGEMENT AND COMMERCIAL OPERATIONS COMPANY BROADCASTING JOURNALISTIC CONTENT (procédure simplifiée) |
Information of individuals and consent (cookies)
|
Fine of €12,000 |
07/09/2024 |
FRENCH MINISTRY |
Data retention
Obligation to process data lawfully
|
Reprimand and injunction |
07/22/2024 |
MUNICIPALITY |
Failure to respond to injunction and non-compliance |
Liquidation of the penalty payment of €6,900 |
07/25/2024 |
PRIVATE HIGHER EDUCATION ESTABLISHMENT (simplified procedure) |
Data minimization
Data retention
Lack of data security |
Fine of €20,000 |
08/08/2024 |
ENERGY BROKERAGE COMPANY (simplified procedure) |
Data minimization
Information of individuals and transparency (commercial prospection)
Recording of processing activities
|
Fine of €20,000 and injunction |
08/20/2024 |
WEBSITE HOST (simplified procedure) |
Failure to respect the right to object
Lack of cooperation with the CNIL |
Fine of €8,000 |
08/28/2024 |
COMPANY SPECIALIZING IN STATISTICAL STUDIES OF HEALTH DATA |
Authorization from the CNIL unrequested (health data wahehouse) |
Fine of €800,000 |
08/28/2024 |
COMPANY SPECIALIZING IN THE MANAGEMENT OF HEALTH DATA FLOWS |
Authorization from the CNIL unrequested (health data wahehouse) |
Fine of €200,000 |
08/29/2024 |
WEB PUBLISHER IN THE TRANSPORT SECTOR |
Obligation to perform a data protection impact assessment
Information of individuals and consent
Obligation to process data lawfully |
Fine of €300,000 |
09/05/2024 |
CLOTHING RETAILING COMPANY (simplified procedure) |
Obligation to process data lawfully
Data minimization
Information of individuals and transparency (CCTV)
Lack of cooperation with the CNIL |
Fine of €15,000 |
09/05/2024 |
FENCE MANUFACTURING AND INSTALLATION COMPANY (simplified procedure) |
Failure to respect the right to access
Lack of cooperation with the CNIL |
Fine of €10,000 |
09/05/2024 |
PUBLICATION AND SALE OF MANAGEMENT SOFTWARES FOR PHYSICIANS |
Failure to apply for a CNIL authorization (health data warehouse)
Obligation to process data lawfully |
Fine of €800,000 |
09/12/2024 |
COMPANY OPERATING A CASINO AND A HOTEL (simplified procedure) |
Information of individuals (CCTV)
Failure to respect the right of access |
Fine of €12,000 |
09/13/2024 |
MUNICIPALITY (simplified procedure) |
Unlawful processing of data
Data retention period
Record of processing activities
Obligation to appoint a Privacy Officer
Lack of cooperation with the CNIL
|
Fine of €20,000 |
09/19/2024 |
ARMOURY SELLING ONLINE AND IN-STORE (simplified procedure) |
Data retention period
Information of individuals and transparency
Failure to respect the right of erasure
Lack of data security
Obligation to document a data breach |
Fine of €20,000 |
09/26/2024 |
COMPANY OFFERING IT SYSTEMS AND SOFTWARE CONSULTANCY SERVICES, SOFTWARE PUBLISHING AND PRODUCTION |
Lack of cooperation with the CNIL
Failure to respect the right of erasure |
Fine of €15,000 and injunction |
09/26/2024 |
TRAINING ORGANISATION FOR HEALTHCARE PROFESSIONALS |
Information of individuals and consent (cookies)
Failure to respect the right of erasure
Framework for relations between the controller and the processor
Lack of data security
|
Fine of €15,000 and injunction |
09/26/2024 |
COMPANY OFFERING REMOTE DIVINATION SERVICES |
Consent of individuals (online commercial prospection)
Consent of individuals (special data category)
Data retention period
Minimisation of data |
Fine of €250,000 |
09/26/2024 |
COMPANY ENGAGED IN THE DEVELOPMENT AND PROVISION OF IT AND DIGITAL SERVICES |
Consent of individuals (online commercial prospection)
Consent of individuals (special data category)
Data retention period |
Fine of €150,000 |
09/26/2024 |
MARKETING COMPANY (simplified procedure) |
Failure to respond to the injunction and non-compliance (injunction procedure) |
Liquidation of penalty of €3,000 |
09/30/2024 |
ASSOCIATION FOR THE CREATION OF A PSYCHIATRIC HEALTH NETWORK (simplified procedure) |
Lack of cooperation with the CNIL
Failure to respect the right of access |
Fine of €3,000 |
10/10/2024 |
COMPANY MARKETING CRYPTOCURRENCY WALLETS |
Lack of data security
Data retention period |
Fine of €750,000 |
10/11/2024 |
ORTHOPHONIST (simplified procedure) |
Failure to respond to the injunction and non-compliance |
Liquidation of penalty of €4,000 |
10/17/2024 |
MINISTRY |
Obligation to process accurate data
Information of individuals
Failure to respect the right of access
Failure to respect the right of rectification
Failure to respect the right of erasure
|
Reprimand and injunction |
10/17/2024 |
MINISTRY |
Obligation to process accurate data
Information of people
Failure to respect the right of access
Failure to respect the right of rectification
Failure to respect the right of erasure |
Reprimand and injunction |
10/17/2024 |
COMPANY ENGAGED IN THE PROVISION OF SERVICES (MANAGEMENT OF TELEPHONE CALLS) (simplified procedure) |
Information of individuals (CCTV and phone recording)
Failure to respect the right to object
Lack of data security |
Fine of €20,000 |
10/17/2024 |
DENTIST SURGEON (simplified procedure) |
Failure to respect the right of access (medical file)
Lack of cooperation with the CNIL |
Fine of €3,000 and injunction |
10/23/2024 |
ASSOCIATION PARTICIPATING IN THE ACTIVITIES OF POLITICAL ORGANISATIONS (simplified procedure) |
Failure to respond to an injunction and non-compliance (injunction procedure) |
Liquidation of penalty of €4,000 |
11/14/2024 |
TELECOMMUNICATIONS OPERATOR
|
Information of individuals (cookies)
Commercial prospecting (article L. 34-5 CPCE)
|
Fine of €50 million and injunction |
11/26/2024 |
IT FACILITIES MANAGEMENT COMPANY (simplified procedure)
|
Failure to cooperate with the CNIL |
Fine of €15,000 |
11/26/2024 |
ASSOCIATION PROVIDING SOCIAL SERVICES WITHOUT ACCOMMODATION AND MANAGING MEDICAL, SOCIAL AND HEALTH ESTABLISHMENTS (simplified procedure)
|
Failure to respect the right of access
Failure to cooperate with the CNIL
|
Fine of €10,000 |
12/05/2024 |
COMPANY OFFERING PRIVATE SECURITY SERVICES (simplified procedure) |
Minimisation of data
Information of individuals and transparency
Register of processing activities |
Fine of €20,000 and injunction |
12/05/2024 |
COMPANY SPECIALISING IN THE DEVELOPMENT AND ORGANISATION OF ADVERTISING CAMPAIGNS (simplified procedure) |
Commercial prospecting (article L. 34-5 CPCE)
Data retention period
Information of individuals and transparency |
Fine of €20,000 |
12/05/2024 |
COMPANY SELLING COSMETIC PRODUCTS (simplified procedure) |
Obligation to process data lawfully (CCTV)
Limitation of purpose (CCTV)
Minimisation of data (CCTV)
Information of individuals |
Fine of €3,000 |
12/05/2024 |
CLINIC (simplified procedure) |
Failure to cooperate with the CNIL |
Fine of €15,000 |
12/05/2024 |
COMPANY DEVELOPING AND MARKETING A BROWSER EXTENSION (simplified procedure) |
Lack of legal basis
Data retention period
Information of individuals and transparency
Failure to respect the right of access |
Fine of €240,000 and injunction |
12/12/2024 |
COMMUNICATION AND AUDIOVISUAL PRODUCTION AGENCY (simplified procedure) |
Transparency and information (exercise of rights)
Failure to respect the right of access |
Fine of €6,000 |
12/12/2024 |
RETAIL SALES COMPANY (simplified procedure) |
Failure to respect the right of access |
Fine of €18,000 |
12/12/2024 |
COMPANY CARRYING ON THE BUSINESS OF COMPARING DRIVING SCHOOLS (simplified procedure) |
Transparency and information (exercise of rights)
Failure to respect the right of access |
Fine of €10,000 |
12/12/2024 |
TWO COMPANIES OPERATING AS PRESS AGENCIES (simplified procedure) |
Consent of individuals (cookies) |
Fine of €5,000 and Fine of €5,000 |
12/12/2024 |
CLOTHING RETAIL COMPANY (simplified procedure) |
Consent of individuals (cookies) |
Fine of €5,000 |
12/12/2024 |
CLOTHING RETAIL COMPANY (simplified procedure) |
Consent of individuals (cookies) |
Fine of €3,000 |
12/12/2024 |
CLOTHING RETAIL COMPANY (simplified procedure) |
Consent of individuals (cookies) |
Fine of €20,000 |
12/12/2024 |
CLOTHING RETAIL COMPANY (simplified procedure) |
Consent of individuals (cookies) |
Fine of €10,000 |
12/12/2024 |
SOFTWARE DEVELOPMENT TOOLS AND LANGUAGES COMPANY (simplified procedure) |
Consent of individuals (cookies) |
Fine of €20,000 and injunction |
12/12/2024 |
COMPANY OPERATING INTERNET PORTALS (simplified procedure) |
Consent of individuals (cookies) |
Fine of €20,000 and injunction |
12/19/2024 |
PUBLIC ADMINISTRATIVE ESTABLISHMENT (simplified procedure) |
Failure to respect the right of access
Failure to cooperate with the CNIL |
Reprimand |
12/19/2024 |
CALL CENTER (simplified procedure) |
Obligation to process data lawfully and with transparency
Lack of data security
Failure to cooperate with the CNIL |
Fine of €20,000 |
12/19/2024 |
COMPANY PROVIDING PRIVATE SECURITY, CLOSE PROTECTION, HOTESSARIAT AND LOGISTICS MANAGEMENT SERVICES (simplified procedure) |
Failure to cooperate with the CNIL |
Fine of €8,000 |
12/19/2024 |
STOMATOLOGIST (simplified procedure) |
Failure to respect the right of access (medical records)
Failure to cooperate with the CNIL |
Fine of €5,000 |
12/19/2024 |
COMPANY PUBLISHING A DEMATERIALISED GAMES WEBSITE (simplified procedure) |
Failure to respect the right of access |
Fine of €15,000 |
12/19/2024 |
COMPANY RUNNING A GYM (simplified procedure) |
Failure to cooperate with the CNIL |
Fine of €3,000 |
12/19/2024 |
COMPANY SPECIALISING IN INTERNET PORTALS (simplified procedure) |
Failure to respect the right of opposition
Failure to cooperate with the CNIL |
Fine of €5,000 |
12/19/2024 |
IT SYSTEMS AND SOFTWARE CONSULTANCY COMPANY (simplified procedure) |
Failure to respect the right of access |
Fine of €8,000 |
12/19/2024 |
COMPANY CARRYING ON ESTATE AGENCY BUSINESS |
Minimisation of data (CCTV)
Obligation to process data lawfully (CCTV)
Information of individuals
Lack of data security
Obligation to perform a data protection impact assessment |
Fine of €40,000 |
12/19/2024 |
ACCESS TO HEALTHCARE (simplified procedure) |
Failure to cooperate with the CNIL |
Fine of €5,000 |
12/19/2024 |
REGIONAL SUPPORT GROUP FOR THE DEVELOPMENT OF E-HEALTH (simplified procedure) |
Obligations relating to data processing in health sector
Framework for relations between the controller and the processor |
Fine of €20,000 |
12/19/2024 |
GENERAL PRACTITIONER (simplified procedure) |
No response to injunction |
Liquidation of the penalty payment of €2,000 |
12/26/2024 |
COMPANY OPERATING SUPERMARKETS (simplified procedure) |
Minimisation of data
Register of processing activities
Obligation to carry out a data protection impact assessment |
Fine of €18,000 |
12/31/2024 |
AMBULANCE TRANSPORT COMPANY (simplified procedure) |
Failure to cooperate with the CNIL |
Fine of €10,000 |
12/31/2024 |
INDIVIDUALS (simplified procedure) |
Failure to cooperate with the CNIL |
Fine of €5,000 |
12/31/2024 |
COMPANY MANAGING A CONVERSATIONAL ROBOT USING ARTIFICIAL INTELLIGENCE (simplified procedure) |
Failure to cooperate with the CNIL |
Fine of €5,000 |