Free Mobile, the subsidiary of the Iliad group begins the year 2022 with a fine of 300,000 euros imposed by the CNIL. The company is indeed accused of not having sufficiently respected the security of the data of its users within the framework of the General Data Protection Regulation (GDPR).
Following 19 complaints from individuals made between December 2018 and November 2019 against Free Mobile, the National Commission for Informatics and Freedoms (CNIL) decided to impose a fine of 300,000 euros to the operator Free Mobile. The company is indeed accused of not having respected the rights and obligations related to the protection of the personal data of its customers. The first dysfunction observed relates to the commercial prospecting of people. The CNIL had received complaints about the impossibility for certain people to be withdrawn from prospecting listings. The CNIL thus underlines ” the difficulties encountered by people in taking their requests into account »Access to data concerning them, some people continuing to be solicited after having expressed their opposition (by mail or email) to the use of their personal data for commercial purposes.
Beijing welcomes the cleaning carried out on application stores
The CNIL then criticizes Free for the way in which the data of its customers is protected, in particular ” the obligation to protect data by design ” and ” data security “. The company would indeed have continued ” to send invoices to complainants for telephone lines whose subscription had been canceled “. As well as the security of these since the company transmitted to some of its customers their password in clear when they subscribe to an offer without having to change it after the first connection.
However, the fine appears to be quite high given the number of complaints and the seriousness of the situations. Calculated on the basis of the company’s financial situation, the amount of the fine therefore reaches € 300,000, in accordance with the turnover of € 2.1 billion announced by Iliad during its last annual financial year. In addition to the fine, the sanction also includes an additional dissuasive component, namely the publicity of this sanction (all CNIL sanctions are not public). This is justified by “the need to recall the importance of dealing with requests for personal rights and the security of user data”.