CNIL – Violation Found (France, 2026)

Violation Found
Commission Nationale de l'Informatique et des Libertés4 March 2026France
final
ePrivacy
Violation Found

The French data protection authority, CNIL, found issues related to data collection and transparency but did not impose a fine. This matters because it underscores the importance of clear data handling practices. Companies should ensure they are transparent about how they collect and use personal data.

What happened

CNIL identified problems with data collection, retention, and transparency practices.

Who was affected

Individuals whose data was collected by the organization were affected.

What the authority found

The CNIL found that the organization did not meet GDPR requirements regarding data handling and transparency.

Why this matters

This case serves as a reminder for businesses to be clear and open about their data practices. Transparency is crucial for building trust with users.

GDPR Articles Cited

AI-verified

Art. 6(GDPR)
Art. 12(GDPR)
Art. 14(GDPR)
Art. 15(GDPR)
Art. 5(1)(e) GDPR
View original scraped data
Art. 5(1)(e) GDPR
Art. 6(GDPR)
Art. 12(GDPR)
Art. 14(GDPR)
Art. 15(GDPR)

Original data from scraper before AI verification against source document.

Entities Involved

CNIL
KASPR
Source verified 27 March 2026
scope corrected
date discrepancy
France enforcementCommission Nationale de l'Informatique et des Libertés actionsAll CNIL actions
Full Legal Summary
Detailed

The case involved unlawful data collection and retention practices, not cookies or consent mechanisms.

Outcome

Violation Found

The DPA found a violation but did not impose a fine.

Related Enforcement Actions (3)

Other enforcement actions involving CNIL in FR

CJEU Judgment
Sept 2019· Court of Justice of the European Union

Four applicants wanted to exercise their right to de-referencing concerning various links to third-party websites which contained sensitive data perta...

Court Ruling
Jan 2022· Commission Nationale de l'Informatique et des Libertés

On 7 December 2020, the French DPA (CNIL) imposed two fines totaling € 100 million on Google LLC and Google Ireland Ltd for violating Article 82 of th...

Court Ruling
May 2023· DPA CE

On March 27, 2018 the Data Subject filed a complaint on CNIL againt Euronext group, specifically addressing the handling of her personal data by the I...

Current
Mar 2026

Violation Found

Details

Decision Date

4 March 2026

Authority

Commission Nationale de l'Informatique et des Libertés

Sources

About this data

Data: GDPRhub (noyb.eu)
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. CNIL - France (2026). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: