Digital Policy Alert logo

France: Issued ruling against Free for alleged breach of data subject rights

Policy overview

Description

Issued ruling against Free for alleged breach of data subject rights

On 30 November 2022, the National Commission for Information Technology and Civil Liberties (CNIL) found that the telecommunications provider Free breached GDPR articles related to data subject rights and data security. The investigation began after submitting personal data breach notifications to CNIL. Consequently, CNIL's restricted committee imposed a EUR 300'000 fine against Free and issued an injunction requiring Free to disclose the identities of data brokers from which it had obtained the personal data of complainants, subject to a daily fine of EUR 500 per day of delay.

Original source

Scope

Policy Area
Data governance
Policy Instrument
Data protection regulation
Regulated Economic Activity
infrastructure provider: internet and telecom services
Implementation Level
national
Government Branch
executive
Government Body
data protection authority

Complete timeline of this policy change

Hide details
2022-11-30
in force

On 30 November 2022, the National Commission for Information Technology and Civil Liberties (CNIL) …

2023-03-20
concluded

On 20 March 2023, the National Commission for Information Technology and Civil Liberties (CNIL) end…

We use cookies and other technologies to perform analytics on our website. By opting in, you consent to the use by us and our third-party partners of cookies and data gathered from your use of our platform. See our Privacy Policy to learn more about the use of data and your rights.