FREE MOBILE – €300,000 Fine (France, 2021)

€300,000Commission Nationale de l'Informatique et des Libertés28 December 2021France
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

FREE MOBILE was fined €300,000 by France's CNIL for not respecting users' data rights, including ignoring requests to stop sending ads and failing to secure passwords. The company also didn't respond to data requests on time. This case shows the importance of respecting user rights and securing personal data.

What happened

FREE MOBILE failed to honor data subjects' rights and did not secure personal data properly.

Who was affected

Users of FREE MOBILE who requested data access or opted out of advertisements.

What the authority found

The CNIL found FREE MOBILE violated GDPR by not responding to data requests, ignoring opt-out requests, and sending passwords in plain text.

Why this matters

This ruling stresses the need for companies to respect user rights and secure personal data. It warns businesses about the risks of ignoring data protection obligations.

GDPR Articles Cited

AI-verified

Art. 12 GDPR
Art. 15 GDPR
Art. 21 GDPR
Art. 32 GDPR
View original scraped data
Art. 12 GDPR
Art. 15 GDPR
Art. 21 GDPR
Art. 25 GDPR
Art. 32 GDPR

Original data from scraper before AI verification against source document.

Source verified 6 March 2026
articles corrected
France enforcementCommission Nationale de l'Informatique et des Libertés actionsAll FREE MOBILE actions
Full Legal Summary
Detailed

The French DPA (CNIL) has imposed a fine of EUR 300,000 on FREEE MOBILE. The CNIL had received numerous complaints regarding the company's failure to comply with data subjects' rights. During its investigation, the CNIL found that the company had failed to respond to data subjects' requests in a timely manner. In addition, the company failed to comply with the data subjects' right to object, as it continued to send advertisements to the data subjects despite them having exercised their right to object. In addition, the CNIL found that the company had failed to implement adequate technical and organizational measures to ensure a level of security appropriate to the risk to the data subjects. For example, it had sent users passwords by email in clear text.

Related Enforcement Actions (1)

Other enforcement actions involving FREE MOBILE in FR

Current
Dec 2021

Fine

€300K

Fine
Jan 2026· Commission Nationale de l'Informatique et des Libertés

The company FREE MOBILE (the “controller”), a subsidiary of the company ILIAD, operates as a mobile telephone operator and had, as of 31 December 2024...

€27.0M

Details

Fine Date

28 December 2021

Authority

Commission Nationale de l'Informatique et des Libertés

Fine Amount

€300,000

Enforcement Tracker ID

ETid-972

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. FREE MOBILE - France (2021). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: