Excessive data collection by an online clairvoyance company
CNIL Fines an Online Fortune-Telling Company
Source: SAN 2023-008 of June 8, 2023
Violations:
- EXCESSIVE DATA COLLECTION
- CONSENT
- SENSITIVE DATA
- DATA RETENTION
- CALL RECORDINGS
- DATA BREACH
Facts:
In 2020, following a news article revealing a data breach from an online fortune-telling site, CNIL conducted several investigations.
The company KG COM offers online fortune-telling consultations via its website, chat, or phone. CNIL identified several violations, including:
- Systematic recording of phone conversations.
- Collection of sensitive data such as information related to sexual orientation and health status.
- Retention of banking data without the consent of the individual concerned.
- Failure to notify the data breach.
Identified Violations:
- Phone Call Recordings:
  - Lack of data minimization, Article 5.1.c of the GDPR.
- Sensitive Data:
  - Failure to obtain prior consent for the collection of sensitive data, Article 9 of the GDPR.
- Data Breach:
  - Failure to notify CNIL of a data breach, Article 33 of the GDPR.
- Data Security:
  - Insufficient protection of data (weak website password, site using HTTP instead of HTTPS), Article 32 of the GDPR.
Consequences:
- 120,000 euro fine for the online fortune-telling company KG COM.
- 30,000 euro fine for using cookies without prior consent (absence of informational banners, placing 3 cookies on users' devices without their consent).
The GDPR, Even in Fortune-Telling
This sanction serves as a reminder of the importance of complying with data protection regulations, even for businesses in niche sectors like online fortune-telling.