On Thursday, 22 June, the French data protection authority, the CNIL, fined online advertising company Criteo €40 million for violating the EU General Data Protection Regulation (GDPR). Today's enforcement action marks the conclusion of an almost 5-year investigation following complaints filed by Austrian privacy group NOYB and Privacy International in December 2018.
The CNIL found Criteo's advertising practices failed to demonstrate that the data subject gave its consent. Furthermore, the company did not include all the intended purposes of the processing in its privacy notice, and that some of the purposes included were not explained clearly. Other violations related to the right of access, the right to withdraw consent, the right to erasure, and a failure to provide for an agreement between joint controllers.
In statements responding to the news:
- NOYB data protection lawyer Romain Robert said, "We are very happy about the decision the CNIL issued. It is a strong signal to the ad-tech industry that they will face dire consequences for breaking the law."
- Lucie Audibert, a lawyer at Privacy International, said, "This sanction sends a strong message to the thousands of AdTech players out there. For years they've built gigantic data supply chains, without seeking to ensure that the users they target have consented to their private information being traded as a commodity. "
Today's action follows an announcement in August 2022 when the CNIL proposed issuing Criteo with a €60 million fine.
(Translate to English: Google Chrome, Mozilla Firefox, or Microsoft Edge)
What is this page?
You are reading a summary article on the Privacy Newsfeed, a free resource for DPOs and other professionals with privacy or data protection responsibilities helping them stay informed of industry news all in one place. The information here is a brief snippet relating to a single piece of original content or several articles about a common topic or thread. The main contributor is listed in the top left-hand corner, just beneath the article title.
The Privacy Newsfeed monitors over 300 global publications, of which more than 5,750 summary articles have been posted to the online archive dating back to the beginning of 2020. A weekly roundup is available by email every Friday.