"During its investigations, the CNIL noticed several infringements concerning, in particular, the lack of evidence of the consent of individuals to the processing of their data, information and transparency as well as respect for the rights of individuals." 

- Commission nationale de l'informatique et des libertés (Source: CNIL) 

“As we stated previously, we consider that the allegations made by the CNIL do not involve risk to individuals nor any damage caused to them,” Damon said. “Criteo, which uses only pseudonymized, non-directly identifiable and non-sensitive data in its activities, is fully committed to protecting the privacy and data of users.

The decision relates to past matters and does not include any obligation for Criteo to change its current practices; there is no impact to the service levels and performance that we are able to deliver to our customers as a result of this decision. We continue to uphold the highest standards in this area and operate a fully transparent and regulatory-compliant global business. We will be making no further statement at this stage.”

- Criteo statement, via TechCrunch (source: TechCrunch)

“We are very happy about the decision the CNIL issued. It is a strong signal to the ad-tech industry that they will face dire consequences for breaking the law.”

- Romain Robert, Data protection lawyer at noyb (source: noyb)