On 30 November 2022, the National Commission for Information Technology and Civil Liberties (CNIL) found that the telecommunications provider Free breached GDPR articles related to data subject rights and data security. The investigation began after submitting personal data breach notifications to CNIL. Consequently, CNIL's restricted committee imposed a EUR 300'000 fine against Free and issued an injunction requiring Free to disclose the identities of data brokers from which it had obtained the personal data of complainants, subject to a daily fine of EUR 500 per day of delay.
Original source