Fine of 300,000 euros for Free for breaches of data protection

Europe 1 with AFP 3:47 p.m., January 04, 2022

The CNIL, policeman of the private life of the French, this Tuesday sanctioned the mobile operator Free with a fine of 300,000 euros for not having respected in particular the security of the data of its users. Having received several complaints, the Commission carried out several checks and found four breaches of the general data protection regulation (GDPR), in particular "the obligation to protect data by design" and "data security", citing the example of the transmission of passwords in clear by e-mail.

The shortcomings noted also concern "the difficulties encountered by people in taking into account their requests" for access to data concerning them, or the failure to take into account the requests of complainants to no longer receive commercial prospecting messages, indicated the CNIL.

Contacted by AFP, Iliad, parent company of the operator Free, did not immediately comment.

The announcement of this significant fine of 300,000 euros, which takes into account "the size and financial situation of the company", is justified by "the need to recall the importance of dealing with human rights claims and the security of user data ", the Commission added.

Last July, the social protection group AG2R La Mondiale was fined 1.75 million euros for non-compliance with the European Personal Data Regulation (GDPR).

AG2R was criticized in particular for not having provided all the elements required by the GDPR to people contacted by telephone by subcontractors.

The company had, however, taken measures to correct these shortcomings, which the CNIL body in charge of sanctions had "taken note".