The sanctions issued by the CNIL
The sanctions issued by the CNIL’s restricted committee since the entering into force of the GDPR.
Date | Type d'organisme | Manquements principaux / Thème | Décision adoptée |
---|---|---|---|
01/02/2022 | VEHICLE MAINTENANCE AND REPAIR COMPANY |
Failure to cooperate with the CNIL |
Fine of €3,000 and injunction |
03/21/2022 | RESTAURANT |
Failure to respect the principle of data minimization |
Fine of €10,000 |
03/24/2022 | NOTARY | Partial compliance with the injunction issued | Liquidation of the fine of €1,000 |
04/15/2022 | APPLICATION SOFTWARE PUBLISHING COMPANY | Obligation to regulate the relationship between the controller and the processor Obligation for the processor to process data only on the instructions of the controller Failure to maintain data security |
Fine of €1,500,000 |
06/23/2022 | ELECTRICITY AND GAZ PRODUCER & PROVIDER |
L 34-5 CPCE |
Administrative fine of one million euros |
06/13/2022 | VEHICLE MAINTENANCE AND REPAIR COMPANY | Failure to cooperate with the CNIL | Liquidation of the fine of €3,900 |
07/07/2022 | VEHICLE RENTAL COMPANY | Inadequacy, irrelevance and excessive nature of data Length of retention Information to individuals |
Fine of 175,000 euros |
08/03/2022 | COMPANY SPECIALIZING IN THE HOTEL SECTOR | L 34-5 CPCE Consent of individuals Failure to inform Failure to respect the right of access Failure to respect the right of opposition Security and confidentiality of data |
Fine of 600,000 euros |
09/08/2022 | ECONOMIC INTEREST GROUPING OF THE CLERKS OF THE COMMERCIAL COURTS OF FRANCE |
Data retention periods |
Fine of 250,000 euros |
10/17/2022 | COMPANY DEVELOPING FACIAL RECOGNITION SOFTWARE |
Failure to determine a legal basis |
Fine of 20,000,000 euros and injunction |
10/11/2022 | COMPANY DEVELOPING VOICE OVER IP SOFTWARE AND INSTANT MESSAGING | Data retention periods Transparency Failure to inform Data protection by default Obligation to conduct a privacy impact assessment Failure to secure personal data |
Fine of 800,000 euros |
11/24/2022 | ENERGY, GAZ AND RELATED SERVICES PROVIDER | L 34-5 CPCE - commercial prospecting Failure to inform Transparency Failure to respect the right to object Failure to respect the right of access Failure to secure personal data |
Fine of 600,000 euros |
11/30/2022 | PHONE OPERATOR |
Exercice of rights |
Fine of 300,000 euros and injunction |
12/19/2022 | COMPANY SELLING OPERATING SYSTEMS, APPLICATION SOFTWARE, HARDWARE AND RELATED SERVICES | Consent of individuals (cookies and tracking devices) | Fine of 60,000,000 euros and injunction |
12/20/2022 | COMPANY MARKETING A BUSINESS CONTACT EXTENSION | Failure to dermine a legal basis Failure to respect the right of access |
Dismissal |
12/29/2022 | A COMPANY THAT DEVELOPS AND MARKETS CONSUMER ELECTRONICS, PERSONAL COMPUTERS AND SOFTWARE | Failure to respect the right of access Lack of cooperation with the CNIL |
Fine of 8,000,000 euros |
12/29/2022 | PHYSICIAN (simplified procedure) | Failure to respect the right of access Lack of cooperation with the CNIL |
Fine of 5,000 euros |
12/29/2022 | PHYSICIAN (simplified procedure) | Failure to respect the right of access Lack of cooperation with the CNIL |
Fine of 5,000 euros |
12/29/2022 | UNIVERSITY (simplified procedure) | Failure to respect the right of access Lack of cooperation with the CNIL |
Fine of 10,000 euros |
12/29/2022 | COMPANY DEVELOPING MANAGEMENT SOFTWARE AND MARKETING SOFTWARE FOR LOCAL AUTHORITIES (simplified procedure) |
Failure to comply with the data minimisation principle |
Fine of 15,000 euros |
12/29/2022 | COMPANIES OPERATING A RANGE OF CONTENT DISTRIBUTION PLATFORMS | Consent of individuals (cookies and tracking devices) | Fine of 5,000,000 euros |
12/29/2022 | MOBILE GAMES DEVELOPMENT COMPANY | Consent of individuals (cookies and tracking devices) | Fine of 3,000,000 euros |