Data protection: The CNIL imposes a fine of 300,000 euros on Free Mobile

The CNIL does not intend to compromise with regard to companies’ compliance with the General Data Protection Regulation (GDPR).

The data protection officer gave a further illustration of this by imposing a fine of 300,000 euros on Free Mobile on Tuesday. After having been alerted by several people to the failure of the operator to take into account their requests for access rights to their personal data or their requests for the right to object to receiving commercial prospecting messages, the CNIL has decided to take the next step by sanctioning these breaches.

In detail, the CNIL sanctioned Free for not having “not followed up on requests for the right of access to personal data made by complainants within the time limits”. The operator held by Xavier Niel is also criticized for not having “taken into account the complainants’ requests that no further commercial prospecting messages be sent to them”.

An advertising that stains

Last but not least, the operator is also singled out for “having continued to send to complainants invoices concerning telephone lines whose subscription had however been canceled”, as well as for having transmitted “by email, in clear , the passwords of users when they subscribe to an offer ”.

“An on-site check and an off-site check made it possible to identify shortcomings [à ces] rights, the obligation to protect data by design as well as data security (transmission of passwords in clear by email) ”, the Authority said in a press release published on Tuesday. Beyond its amount, the public nature of this fine should be emphasized, while all the fines imposed by the French data police are not always made known to the general public.

The CNIL justified the publicity of this sanction by “the need to recall the importance of dealing with requests for personal rights and the security of user data”. This decision goes badly on the side of the management of Free, for whom such publicity is “disproportionate in view of the shortcomings retained and the low number of complaints referred” and carries “an irreversible damage to its reputation”. An argument swept aside by the CNIL, for whom “the publicity of the sanction is justified in view of the plurality of breaches noted, their persistence, and the number of people concerned”.

Source link -97