The sanctions issued by the CNIL

22 December 2020

The sanctions issued by the CNIL’s restricted committee since the entering into force of the GDPR.

The sanctions issued in 2019
Date Name or type of organization

Main breaches/ Theme

subject

Adopted decision

1/21/2019

OS AND SERVICES

Lack of transparency, unsatisfying information and lack of valid consent

Monetary penalty of 50 000 000 euros

1/31/2019

ONLINE SEARCH ENGINE

De-listing

Dropping of charges

1/31/2019

PROPERTY MANAGEMENT COMPANY

Security and personal data retention period

Dropping of charges

1/31/2019

NATIONAL PUBLIC ADMINISTRATION

Personal data security breach

Injunction with periodic penalty payment

5/28/2019

PROPERTY MANAGEMENT COMPANY

Personal data security breach and non-compliance with the retention periods

Monetary penalty of 400 000 euros

6/13/2019 TRANSLATION COMPANY

Inadequate and excessive data, irrelevant, unsatisfying information, personal data security breach

Video surveillance

Monetary penalty of 20 000 euros, injunction with periodic penalty payment
7/18/2019 INSURANCE INTERMEDIARY COMPANY

Personal data security breach

Monetary penalty of 180 000 euros
10/10/2019 EARLY CHILDHOOD PHOTOGRAPHY COMPANY

Failure to comply with the rights of access and to erasure, data security and confidentiality breach

Monetary penalty
11/21/2019 ISOLATION EQUIPMENT INSTALLATION COMPANY Inadequate, irrelevant and excessive data, lack of individual information, non-compliance with the right to object, lack of cooperation with the supervisory authority, no legal data transfer outside the UE Monetary penalty  of 500 000 euros
30/12/2019 HELP TO DISABLED AND ELDERLY INDIVIDUALS

Infringements on data retention limitation principle

Unsatisfying information

Infringements to the obligation of security by processor

Monetary penaly, injunction with periodic penalty payment

 

 

The sanctions issued in 2018
Date Name or type of organization

Main breaches/ Theme

subject

Adopted decision

1/8/2018

HOUSEHOLD APPLIANCES RETAIL

Personal data security breach

Website

Monetary penalty

5/7/2018

OPTICAL RETAIL

Personal data security breach

Website

Monetary penalty

6/21/2018

ASSOCIATION

Personal data security breach

Website

Monetary penalty

6/26/2018 PROXIMITY FREIGHT TRANSPORT ROAD Failure to comply with the rights of access (especially on tachograph data) Injunction with periodic penalty payment
7/24/2018 PRESS GROUP Personal data security breach and non-compliance with the retention periods Monetary penalty of 400 000 euros
7/24/2018 VIDEO-SHARING PLATFORM

Personal data security breach

Website

Monetary penalty
7/24/2018 SOCIAL BUILDING CONSTRUCTION & MANAGEMENT Personal data misuse Monetary penalty
7/24/2018 METAL TREATMENT AND COATING COMPANY Lack of answer to an order to comply from the CNIL Monetary penalty
9/6/2018 ASSOCIATION

Personal data security breach

Website

Monetary penalty
9/6/2018 ELEVATORS AND PARKING CCTV

Excessive data, unsatisfying information, lack of personal data security and confidentiality

Phone communication recording/Biometrics

Monetary penalty
12/19/2018 PRIVATE TRANSPORTS COMPANY

Personal data security breach

Mobile application

Monetary penalty
12/26/2018 TELECOM PROVIDER

Personal data security breach

Website

Monetary penalty

 

Keywords associated to this article