France: Ended CNIL injunction proceedings against Free for alleged breach of data subject rights

On 20 March 2023, the National Commission for Information Technology and Civil Liberties (CNIL) ended the injunction proceedings against telecommunications provider Free for breaching data subject rights, including the rights to access and erasure. The company was ordered to provide comprehensive responses to access requests from four complainants, including identifying the data brokers from whom it had obtained the personal data of the complaining parties, within three months or face a EUR 500 penalty per day of delay. In response, the company revealed the data brokers for two complainants but lacked information for the others. The Restricted Committee opted not to impose the penalty, acknowledging the company's inability to comply because the relevant files had been destroyed entirely.