De Particulier à Particulier - Editions Neressis – €100,000 Fine (France, 2024)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
The French data protection authority fined De Particulier à Particulier - Editions Neressis €100,000 for not properly informing users about their data rights and for placing cookies without consent. This ruling is a reminder for online businesses to be transparent about data collection practices.
What happened
The authority fined the company for failing to inform users about their rights and for using cookies before obtaining consent.
Who was affected
Website visitors who interacted with De Particulier à Particulier's services were affected by these practices.
What the authority found
The authority found that the company did not comply with GDPR requirements for transparency and consent regarding data processing.
Why this matters
This ruling serves as a warning to online businesses to ensure they clearly communicate data practices and obtain user consent before tracking. Transparency is crucial for compliance.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
National Law Articles
Société Particulier à Particulier - Editions Neressis ("controller") provides individuals with a set of publications and services allowing them to conclude real estate transactions without intermediaries. The CNIL conducted an online investigation of their website, www.pap.fr, to verify the methods of informing people about their rights as data subjects, and whether the procedure for creating a user account was sufficiently secure and confidential. The on-site investigation focused on the verification of the retention periods applied to user account data, the legality of data processor agreements in place and the technical and organizational measures to ensure the security of the data collected through the website. During its investigations, the CNIL found that the controller defined a systematic retention period of ten years from the acceptance of an order on the website. The CNIL also discovered that the controller did not include the right to lodge a complaint with the DPA, the legal basis for each processing as well as the recipients and categories of recipients in their privacy policy. The CNIL initiated a sanctioning procedure against the controller on 6 February 2023. Firstly, regarding the retention periods, the CNIL considered that a retention period of ten years from the date of acceptance of the order was justified by its legal obligations resulting from French law, in particular [https://www.legifrance.gouv.fr/codes/article_lc/LEGIARTI000032226994/ Articles L.213-1], [https://www.legifrance.gouv.fr/codes/article_lc/LEGIARTI000032807208 D.213-1] and [https://www.legifrance.gouv.fr/codes/article_lc/LEGIARTI000032807210 D.213-2] Consumer Code, for contracts worth more than €120. Therefore, the CNIL considered that for contracts that were less than €120, the 10 year retention period was excessive and therefore breaches Article 5(1)(e) GDPR. Additionally, while the CNIL agreed that a 5 year retention period commencing from the date of last connection to
Violations (1)
Non-essential cookies (tracking, advertising) are placed on the user's device before obtaining valid consent.
Art. 6(1) GDPR
Related Enforcement Actions (0)
No other enforcement actions found for De Particulier à Particulier - Editions Neressis in FR
This is the only recorded action for this entity in this jurisdiction.
Similar Cases
Enforcement actions with similar violations
Details
Fine Date
31 January 2024
Authority
Commission Nationale de l'Informatique et des Libertés
Fine Amount
€100,000
GDPRhub ID
gdprhub-7602About this data
Cite as: Cookie Fines. De Particulier à Particulier - Editions Neressis - France (2024). Retrieved from cookiefines.eu
Last updated: