2023-06-22 12:42:02
The Cnil, guarantor of the privacy of the French, imposed a fine of 40 million euros on the French Internet advertising group Criteo for violations related to personal data, according to a deliberation published on Thursday.
This sanction follows a complaint in November 2018 from the British association Privacy International, which targeted seven companies carrying out large-scale data collection, including Criteo. In August 2022, the rapporteur of the Cnil (National Commission for Computing and Freedoms) had proposed a penalty of 60 million euros.
Founded in 2005 in France, Criteo SA specializes in the display of targeted advertising on the web. In 2022, the group employed around 3,000 people and had achieved overall revenue of around €1.9 billion for a net profit of around €10 million.
The Cnil, which had launched an investigation in March 2020, accuses him of having violated the EU regulation on the protection of personal data (RGPD), concerning “advertising retargeting” for the purpose of displaying personalized advertising, which does not allow enough anonymization of people not to re-identify them.
“Loss of control of Internet users”
It notes a “failure relating to the information of people” and underlines that it has generated “a loss of control for Internet users over their data insofar as the company has not provided them with complete and understandable information”. .
Regarding the exercise of the rights of access, withdrawal of consent and erasure, the CNIL underlines “their structural nature and their seriousness in that the measures deployed by the company not only lead to the requests of the persons being incorrectly processed but also that the latter legitimately think that their request has been respected”.
The Cnil “also recalls that the company’s consideration of a request for erasure has the sole effect of stopping the display of personalized advertisements, the company also continuing to keep the data of the person originally of the request and even to use them for other purposes”.
Criteo maintained its annual forecasts at the beginning of May, with in particular growth of around 10% in its ex-TAC revenues (excluding payments to partners) at constant exchange rates. This indicator rose to 6% over the quarter. Coming into force in the European Union (EU) in May 2018, the GDPR provides for fines that can go up to 20 million euros or 4% of a company’s worldwide turnover.
#Personal #data #Cnil #imposes #fine #million #euros #French #group #Criteo