NEWS9 August 2022

Criteo could face potential €60m GDPR fine in France

Europe GDPR Legal News Privacy Public Sector

FRANCE – Commerce media company Criteo is challenging a claim by France’s digital regulator CNIL that the firm broke General Data Protection Regulation (GDPR) rules that could land Criteo with a €60m fine.

GDPR abstract image

The claims stem from a complaint filed by technology rights charity Privacy International in November 2018 about Criteo’s company practices, with the charity claiming they did not comply with GDPR.

CNIL opened a formal investigation in January 2020, which is still ongoing, although an assigned rapporteur last week issued a report claiming various GDPR violations by Criteo.

The rapporteur also proposed a financial sanction against Criteo of €60m.

Criteo has the right to respond in writing to CNIL about the GDPR claims, following which there will be a formal hearing that will see CNIL’s sanctions committee issue a draft decision.

A final decision on resolution and potential financial penalties would be likely to occur in mid-2023.

Criteo said it strongly disagreed with the rapporteur’s report, but said it had accounted for the proposed penalty in its financial statements for the period ending 30th June 2022.

Ryan Damon, chief legal officer at Criteo, said: “We strongly disagree with the findings in the CNIL investigator’s report, both on the merits relating to the investigator’s assertions of non-compliance with GDPR and the quantum of the proposed sanction.

“We find the merits of this report to be fundamentally flawed, and the proposed sanctions to be incommensurate with the alleged non-compliant actions.

“We look forward to further dialogue with the CNIL as well as to defend our case to the ultimate arbitrator of a final decision. Criteo continues to uphold the highest privacy standards, and operates a fully transparent and regulatory-compliant global business.”

@RESEARCH LIVE

0 Comments