CRPA, LDH and MGEN ASS – Court Ruling (France, 2020)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A French court ruled that certain organizations processed personal data without consent for monitoring purposes, which was not related to cookies or consent banners. This ruling is significant because it reinforces the importance of obtaining consent for data processing. Website operators should ensure they are clear about how they collect and use personal data.
What happened
Organizations processed personal data for monitoring without obtaining consent from individuals.
Who was affected
Individuals whose personal data was monitored without consent were affected.
What the authority found
The court held that the organizations violated data protection rules by processing personal data without consent.
Why this matters
This case underscores the necessity for organizations to obtain consent for data processing activities. Website operators should review their data collection practices to ensure compliance.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
National Law Articles
The NGOs, Circle for reflection and proposal of actions on psychiatry (CRPA), The Human Rights League (LDH) and the French organism fight for social welfare (MGEN ASS) brought action for annulment before the Supreme Administrative Court (the Council of State ‘CE’). The complainants requested, inter alia, the annulment of the decree n°2019-412 of 6 May 2019 modifying decree n°2018-383 of 23 May 2018 authorizing the processing of personal data of persons in psychiatric care without consent for monitoring purposes, for misuse of authority. The decree from 2018 (without modification) allows the processing of personal data of persons in psychiatric care without their consent for monitoring purposes. The amending decree adds a further processing which is to inform State representatives of new admissions of persons in psychiatric care without their consent. The same decree states that this other processing is the prevention of terrorist radicalization, within the meaning of the French criminal law. The Complainants argued that that new processing infringed Articles 9, 12, 13, 14, 16 and 17 GDPR. The Court had to assess which legal was applicable and whether the further processing is lawful. The Supreme Administrative Court decided First, on the link between the two processing aforementioned, the Court ruled that the two processing operations constitute themselves one and only operation. It issued that the legal framework applicable to such processing depends on the purpose thus pursued. Secondly, the Court issues that the purpose of such processing to prevent radicalised persons with psychiatric disorders from committing terrorist acts. Thus, the processing is in the field of State Security and Defence and falls outside the scope of Union law, as foreseen in Article 2(2)(a) GDPR. More precisely, the processing is subject to the specific provisions for processing carried out on behalf of the State and relating to State security or defence in the French Data Protection
Outcome
Court Ruling
A ruling by a national court on a data-protection matter.
Violations (1)
Non-essential cookies (tracking, advertising) are placed on the user's device before obtaining valid consent.
Art. 6(1) GDPR
Related Cases (0)
No other cases found for CRPA, LDH and MGEN ASS in FR
This is the only recorded case for this entity in this jurisdiction.
Similar Cases
Enforcement actions with similar violations
Details
About this data
Cite as: Cookie Fines. CRPA, LDH and MGEN ASS - France (2020). Retrieved from cookiefines.eu
Last updated: