The year has started badly for Free Mobile, which was fined €300,000 following several breaches identified by the CNIL.
Yesterday, the CNIL imposed a fine of €300,000 on Free Mobile after identifying several breaches of the General Data Protection Regulation (GDPR). Among the failings pointed out by the French privacy watchdog: the company stored and transmitted passwords in clear text, and it ignored customers' objections to commercial prospecting.
Four GDPR breaches
After examining complaints from individuals and reviewing the case file, the CNIL ultimately upheld four breaches of the GDPR. The regulator first cites “A breach of the obligation to respect the right of access of individuals to data concerning them (art. 12 and 15 of the GDPR)” and “A breach of the obligation to respect the right of opposition of the persons concerned (art. 12 and 21 of the GDPR)”. Concretely, this means that the company refused requests from customers who wanted to access their data or be removed from advertising lists.
Next comes “A breach of the obligation to protect data by design (art. 25 of the GDPR)”, which saw the company continue to send invoices to customers whose subscriptions had been canceled. Finally, the CNIL points to “A breach of the obligation to ensure the security of personal data (art. 32 of the GDPR)”, because “The company transmitted by email, in clear text, the passwords of the users when they subscribed to an offer”.
Calculated according to the company's financial situation, the fine therefore amounts to €300,000, set in line with the 2.1 billion euros in revenue reported by Iliad for its last financial year.