Privacy International (PI) has responded to the €40 million fine imposed on Criteo by the French data protection authority, the CNIL, for EU General Data Protection Regulation (GDPR) violations.
While welcoming the decision, PI believes the CNIL missed opportunities to improve data protection compliance within the AdTech sector. PI highlights that the CNIL failed to question the validity of consent to data collection and processing by hundreds of companies. They argue that in order for consent to be fully informed, users would have to read lengthy privacy policies every time they visit a Criteo partner website and actually understand what they mean.
Furthermore, the CNIL chose not to address Real-Time Bidding or consider whether Criteo processes special category data. Overall, PI considers the CNIL was too easily satisfied.
What is this page?
You are reading a summary article on the Privacy Newsfeed, a free resource for DPOs and other professionals with privacy or data protection responsibilities helping them stay informed of industry news all in one place. The information here is a brief snippet relating to a single piece of original content or several articles about a common topic or thread. The main contributor is listed in the top left-hand corner, just beneath the article title.
The Privacy Newsfeed monitors over 300 global publications, of which more than 4,250 summary articles have been posted to the online archive dating back to the beginning of 2020. A weekly roundup is available by email every Friday.