Futura Internationale – Court Ruling (France, 2021)

Futura Internationale appealed against the French DPA's decision to impose a fine of 500,000 EUR on Futura Internationale for sending unsolicited marketing communications. Did the French DPA breach the constitutional principle of non-retroactivity of the law by applying the GDPR? Was the fine of € 500,000 imposed by the French DPA proportionate? The highest administrative court of France (Conseil d'Etat) dismissed the claim that even if the investigation by the (French DPA) CNIL started in March 2018, the infringement continued after the GDPR entered into force. Futura Internationale was notified of its administrative fine in October 2018. Therefore, the Court held that the French DPA (CNIL) applied the relevant law by applying the GDPR. There was no breach of the constitutional principle of non-retroactivity of the law by the CNIL. The French Court then assessed Article 83 GDPR and agreed that Futura Internationale failed to comply with several GDPR obligations, including the principle of data minimisation, the obligation to inform data subjects, the obligation to respect the right to object, the obligation to cooperate with the DPA and the obligation to safeguard data transferred internationally. It held that the violations were particularly important and persistent. Therefore, the Court concluded that the French DPA had not imposed a disproportionate fine. 500 000 EUR fine was 2.5% of Futura Internationale's annual global turnover. Therefore, the French Court rejected Futura Internationale's appeal against the French DPA's decision.