News
🇫🇷 Excessive data collection by an online clairvoyance company
🔮 CNIL Fines an Online Fortune-Telling Company
Source : SAN 2023-008 of June 8, 2023
Violations:
- 🛑 EXCESSIVE DATA COLLECTION
- 📋 CONSENT
- 💉 SENSITIVE DATA
- ⏳ DATA RETENTION
- 🎙️ CALL RECORDINGS
- ⚠️ DATA BREACH
Facts:
In 2020, following a news article revealing a data breach from an online fortune-telling site, CNIL conducted several investigations.
The company KG COM offers online fortune-telling consultations via its website, chat, or phone. CNIL identified several violations, including:
- 🎙️ Systematic recording of phone conversations.
- 💉 Collection of sensitive data such as information related to sexual orientation and health status.
- 💳 Retention of banking data without the consent of the individual concerned.
- 🚨 Failure to notify the data breach.
Identified Violations:
- 🎙️ Phone Call Recordings:
- Lack of data minimization, Article 5.1.c of the GDPR.
- 💉 Sensitive Data:
- Failure to obtain prior consent for the collection of sensitive data, Article 9 of the GDPR.
- 🚨 Data Breach:
- Failure to notify CNIL of a data breach, Article 33 of the GDPR.
- 🔐 Data Security:
- Insufficient protection of data (weak website password, site using HTTP instead of HTTPS), Article 32 of the GDPR.
- Insufficient protection of data (weak website password, site using HTTP instead of HTTPS), Article 32 of the GDPR.
Consequences:
- 💰 120,000 euro fine for the online fortune-telling company KG COM.
- 💸 30,000 euro fine for using cookies without prior consent (absence of informational banners, placing 3 cookies on users' devices without their consent).
The GDPR, Even in Fortune-Telling 🔮
This sanction serves as a reminder of the importance of complying with data protection regulations, even for businesses in niche sectors like online fortune-telling.