News

💥 €750,000 fine for Condé Nast

Regulator: CNIL
Source: SAN 2025-010 of 20 November 2025

The CNIL has just fined Condé Nast, the famous publisher of Vanity Fair, Vogue, GQ and AD France, €750,000 for serious breaches of the rules on trackers.

⚠️ Facts reproached by the CNIL

-Trackers set before users’ consent.
- Incomplete or misleading information about the purposes of cookies.
-Some trackers were presented as “strictly necessary” when they were not.
-Failures in the refusal/withdrawal of consent mechanisms on the vanityfair.fr website.
Trackers remained active despite an explicit refusal or withdrawal.
-Aggravating factors: During inspections carried out in 2023 and then in 2025, the CNIL found that cookies were still being read despite withdrawal of consent, which constitutes a highly serious breach!
Condé Nast publications should have brought themselves into compliance as soon as the formal notice was issued in 2021.

📅 A case that has dragged on
➡️ 2019: complaint by the NOYB association.
➡️ 2021: formal notice from the CNIL.
➡️ 2023–2025: inspections confirming the breaches.

As with any sanction, this one takes into account:
- Seriousness: the more serious the violation, the higher the fine may be.
- The number of users concerned (more than 7 million visitors between June and October 2023, including 6 million in France).
- The size of the company.

🎯 Why this matters

-Free, informed and prior consent is required before any tracker is set.
-Presenting cookies as “strictly necessary” to avoid the need for consent can be reclassified as misleading.
-Mechanisms for withdrawing consent must be effective and aligned with the user’s choice.
-This decision is a reminder that even major media players are not immune from sanctions.