French Regulator Fines Data Prospector $1 Million for GDPR Violations
French privacy regulator CNIL fined Solocal Marketing Services $1 million (900,000 euros) for commercial data prospecting without securing prospects' consent and for transferring their data to partners without a valid legal basis.
Sign up for a free preview to unlock the rest of this article
In 2022, CNIL said, it prioritized investigations into commercial prospecting, focusing on professionals, including those who resell data, including data brokers.
In that connection, the watchdog said, it investigated Paris-based Solocal, which obtained prospect data from data brokers, publishers of game contests and product testing sites. Solocal used the data for commercial prospecting by SMS or email to the individuals concerned, on behalf of its advertiser customer. It also passed on some data to its customers for their commercial prospecting operations.
Based on its investigation, CNIL found that the company had failed to comply with General Data Protection Regulation (GDPR) and French Post and Electronic Communications Code rules around data collection and proof of consent.
In addition to the fine, CNIL ordered Solocal to stop electronic commercial prospecting in the absence of valid consent.
The regulator noted that the fine took into account the number of people affected (several million), Solocal's historical position in the market, the financial benefit derived from the breaches, and measures Solocal took to comply with some of its obligations following CNIL's checks.