Your Privacy Hub
join the community
Your Privacy Hub

Yes We Trust moves to Didomi

We are excited to share that going forward, Yes We Trust content will be incorporated into Didomi, where we will continue to post relevant, educational content that helps you make sense of data privacy today, including out flagship newsletter and opinion pieces. Thank you for your continued support and see you there!

Continue to Didomi
    Adtech company Criteo hit with €40M fine by French DPA
    • company-news
    • industry-news

    Published on June 26, 2023 last updated on June 27, 2023

    Adtech company Criteo hit with €40M fine by French DPA

    Last week, former unicorn and publicly listed French adtech company Criteo was fined €40 million by the French Data Protection Authority (CNIL), for failing to ensure that publisher partners obtained user consent for the use of Criteo’s cookie.

    The investigation stemmed from a complaint lodged by Privacy International and None of Your Business (noyb) in 2018.

    "During its investigations, the CNIL noticed several infringements concerning, in particular, the lack of evidence of the consent of individuals to the processing of their data, information and transparency as well as respect for the rights of individuals." 

    - Commission nationale de l'informatique et des libertés (Source: CNIL

    The investigation by the French DPA uncovered five infringements of the GDPR by Criteo:

    • Failure to demonstrate that the data subject gave its consent (Article 7.1 GDPR)

    • Failure to comply with the obligation of information and transparency (Articles 12 and 13 GDPR)

    • Failure to respect the right of access (Article 15.1 GDPR)

    • Failure to comply with the right to withdraw consent and erasure of data (Articles 7.3 and 17.1 GDPR)

    • Failure to provide for an agreement between joint controllers (Article 26 GDPR)

    As a result,  Criteo was issued a fine of EUR 40 million, a decision the AdTech company is intending to appeal:

    “As we stated previously, we consider that the allegations made by the CNIL do not involve risk to individuals nor any damage caused to them,” Damon said. “Criteo, which uses only pseudonymized, non-directly identifiable and non-sensitive data in its activities, is fully committed to protecting the privacy and data of users.

    The decision relates to past matters and does not include any obligation for Criteo to change its current practices; there is no impact to the service levels and performance that we are able to deliver to our customers as a result of this decision. We continue to uphold the highest standards in this area and operate a fully transparent and regulatory-compliant global business. We will be making no further statement at this stage.”

    - Criteo statement, via TechCrunch (source: TechCrunch)

    Meanwhile, noyb celebrates the decision in a recent press release:

    “We are very happy about the decision the CNIL issued. It is a strong signal to the ad-tech industry that they will face dire consequences for breaking the law.”

    - Romain Robert, Data protection lawyer at noyb (source: noyb)

    Comments, opinions, and thoughts? Continue the conversation in the Yes We Trust community on LinkedIn:

    Go to the Yes We Trust community
    avatar Yes We Trust

    Yes We Trust

    Your privacy hub.

    Do you need help with your Privacy strategy? community@yes-we-trust.com
    Do you want to become a speaker? speakers@yes-we-trust.com