The Cnil, guarantor of the privacy of the French, imposed a fine of 40 million euros for violations related to personal data to the French advertising group on the Internet Criteo, which “ intends to appeal “.
The National Commission for Computing and Liberties (Cnil) launched an investigation in March 2020 after complaints filed by the associations Privacy International and None of Your Business. In August 2022, its rapporteur had proposed a fine of 60 million euros against the company Criteo SA, founded in 2005 in France and specialized in the display of targeted advertisements on the web, via a tracer collecting the browsing data of Internet users. .
Five breaches
She accuses him of five breaches of the European Union (EU) regulation on the protection of personal data (RGPD), in particular “ the absence of proof of the consent of the persons to the processing of their data » and a sprain to « the obligation of information and transparency “, According to a statement released Thursday.
Criteo says it has “ took note of the Cnil’s sanction decision “, taken on June 15 and formalized Thursday, and “ intends to appeal to the competent legal authorities “, in a statement sent to AFP. ” Although the Cnil reduced the final penalty from 60 million euros, the amount initially proposed, to 40 million euros, the penalty remains largely disproportionate in view of the alleged breaches and is disproportionate to general practice in this area. “says Ryan Damon, its legal director. ” A certain number of interpretations and applications of the GDPR made by the CNIL are not consistent, neither with the case law of the Court of Justice of the European Union, nor with the CNIL’s own guidelines and recommendations. “, does he think.
This Criteo manager also reaffirms that “ the allegations made by the CNIL do not involve any risk for people, nor damage caused to them “. He also adds that ” the decision relates to past facts and does not involve any obligation for Criteo to change its current practices “.
” Internet users lose control over their data »
The Cnil criticizes Criteo for a ” failure to inform people and points out that it spawned “ a loss of control for Internet users over their data insofar as the company has not provided them with complete and understandable information “.
Regarding the exercise of the rights of access, withdrawal of consent and erasure, the CNIL underlines “ their structural nature and their seriousness in that the measures deployed by the company lead not only to people’s requests being incorrectly processed, but also to them legitimately believing that their request has been respected “.
(With AFP)
>> To read also: The Cnil imposes a fine of 60 million euros on Microsoft