The sanction fell. The company Free Mobile was condemned by the Cnil (National Commission for Informatics and Freedoms) to a fine of 300,000 euros, the digital gendarme said on Tuesday.
Several users had sent him complaints because the French operator did not allow them “to access data concerning them” or “to oppose the receipt of prospecting messages”.
After investigation, the CNIL noted a data protection defect from the design stage and a data security defect, notably with the “transmission of non-temporary passwords in clear by e-mail”. The digital policeman also found proof of a “breach of the obligation to respect the right of access of people to data concerning them”, since the company did not respond to the requests made by the complainants who wished have access to their data on time.
Four offenses retained
“A breach of the obligation to respect the right of opposition of the persons concerned (…), since the company did not take into account the requests of the complainants aiming that no more commercial prospecting messages were taken into account. be addressed to them “as well as a breach of the obligation to protect data by design (…), since the company continued to send complainants invoices concerning telephone lines whose subscription had however been terminated” .
In all, the CNIL therefore retained four breaches of the GDPR (European data protection regulation). All the decisions of the regulator are not made public, but it was in order to “recall the importance of dealing with requests for human rights and the security of user data”, specifies the digital policeman.