The Cnil imposes a fine of 2,250,000 euros on Carrefour France and 800,000 euros on Carrefour Banque

December 4, 2020

The Commission Nationale de l’Informatique et des Libertés (hereafter “CNIL”) has sanctioned the companies Carrefour France and Carrefour Banque for failure to comply with the obligations set forth in the General Regulations on Data Protection (hereafter “RGPD“):

  • 2,250,000 against Carrefour France ;
  • 800,000 against Carrefour Banque,

bringing the cumulative amount of these fines to 3,050,000 euros.

These decisions were published on November 18, and in the space of two weeks, these sanctions were relayed by hundreds of websites, media and social networks.

So which is worse : the fine imposed or the publicity of these decisions?

These fines follow fifteen complaints received by the Cnil between June 2018 and April 2019 from individuals against companies. Most of these complaints concerned requests for data deletion, requests for access to data and unsubscriptions to commercial prospecting that were not taken into account by the companies.

Following these complaints, the Cnil carried out between May and July 2019 an online inspection and 4 on-site inspection on Carrefour France. With regard to Carrefour Banque, one online and one on-site inspection were carried out.

Did the announcement of these sanctions have an impact on Carrefour’s relationship with its partners? With its customers?

To understand everything about the decisions of November 18, 2020 against the companies Carrefour France and Carrefour Bank, read the full article, in French, here :