The sanctions issued by the CNIL

01 December 2021

The sanctions issued by the CNIL’s restricted committee since the entering into force of the GDPR.

Sanctions issued in 2021

Date Type d'organisme Manquements principaux / Thème Décision adoptée
01/06/2021 OPTICAL RETAIL TRADE

Failure to respect the exercise of individuals' rightsdata security deficiency

€250,000 financial penalty and injunction under penalty payment

01/11/2021 IT SOLUTIONS DEVELOPMENT COMPANY Lack of data security Financial penalty of €75,000
01/12/2021 MINISTRY

Lawfulness of the treatment
Lack of impact assessment
Lack of information to individuals

Call to order and injunction

06/03/2021 APPLICATION SOFTWARE PUBLISHING COMPANY

Lack of data securityillegality of
processed data

Financial penalty of €10,000
06/14/2021 COMPANY PUBLISHING A PRIVATE SALES WEBSITE DEDICATED TO DIY, GARDENING AND HOME IMPROVEMENT

Retention periods
Failure to
inform individuals
Failure to comply with requests for deletion of data
Failure to keep data secure
Consent for commercial prospecting

Financial penalty of €500,000 and injunctions
07/20/2020 INSURANCE

Duration of retention lack of
Information to individuals 

Financial penalty of €1,750,000

07/26/2021 COMPANY SPECIALISED IN AGRICULTURAL BIOTECHNOLOGY

Failure to inform individuals - obligation to
Regulate relations with a subcontractor

Financial penalty of €400,000
07/27/2021 PRESS Consent of individuals (cookies)

Financial penalty of €50,000

09/15/2021 ADVERTISING COMPANY

Failure to comply with requests to rectify data
Failure to comply with erasure requests
lack of a register of processing activities
Cooperation with the CNIL

Financial penalty of €3,000
09/24/2021 MINISTRY

Lawfulness of the processing - retention period -
accuracy of the data
Lack of data security

Failure to inform individuals

Call to order and injunction
10/21/2021 NOTARY Cooperation with the CNIL Financial penalty of 3,000 euros and injunction
10/28/2021 PRIVATE ORGANIZATION Failure to comply with injunction issued Liquidation of the penalty payment of €65,000
10/29/2021 PUBLIC ESTABLISHMENT OF AN INDUSTRIAL AND COMMERCIAL NATURE

Failure to comply with the principles of data minimization and responsibility for data retention
Lack of data security

Financial penalty of  €400,000

12/28/2021 PAYMENT INSTITUTION

Obligation to regulate relationships with subcontractors
Failure to maintain data security
Obligation to notify individuals of a data breach

Financial penalty of €180,000
12/28/2021 TELEPHONE OPERATOR

Failure to respect the right of access
Failure to respect the right of rectification
Failure to respect the right to object
Obligation to protect data by design
Failure to ensure data security

Financial penalty of €300,000
12/30/2021 SALE OF FURNITURE ON THE INTERNET AND IN STORES

Retention period
Failure to inform individuals
Failure to comply with deletion requests
Obligation to regulate relations with subcontractors
Failure to ensure data security

Financial penalty of €120,000
12/31/2021 INTERNET SERVICES (SEARCH ENGINE, VIDEO PLATFORM, ETC.) Cookie refusal mechanism Financial penalty of €150,000,000 and injunction
12/31/2021 SOCIAL NETWORK

Cookie refusal mechanism
Failure to inform individuals

Financial penalty of €60,000,000 and injunction

Sanctions issued in 2020


Sanctions issued in 2019


Sanctions issued in 2018


Keywords associated to this article