News

📱🍪 €50 Million Fine for a French Telecom Operator 📱🍪

On November 14, 2024, the CNIL imposed a €50 million fine on a French telecom operator for displaying advertisements between users' emails in its email service without their consent.

Details:

Advertisements Without Consent:

The CNIL found that the company displayed advertisements disguised as emails within the inboxes of users of the email service.

• Such advertisements required prior user consent, as mandated by Article L. 34-5 of the Postal and Electronic Communications Code (CPCE).

Cookie Compliance Violation:

When users withdrew their consent for cookies on the french telecom operator website, previously stored cookies continued to be read, violating Article 82 of the French Data Protection Act (Loi Informatique et Libertés).

Consequences:

• Administrative Fine: €50 million.
• Injunction:
• Stop all cookie-related operations after consent withdrawal within three months.
• A penalty of €100,000 per day of delay would be applied for non-compliance.

🔧 Best Practices for GDPR Compliance

To avoid similar penalties, companies should:

• Obtain Explicit Consent: Ensure users provide explicit consent before displaying advertisements or storing cookies on their devices.
• Respect Consent Withdrawal: Immediately cease all cookie-related operations once consent is withdrawn.
• Provide Clear User Information: Offer transparent details about the purpose of advertisements and cookies.
• Perform Regular Audits: Regularly audit consent mechanisms to ensure ongoing compliance.