Skip to content

menu

Open Legal Blog Archive logo
HomeAboutBlogsFAQsSubmit

CNIL Issues Major GDPR Fine That Highlights Importance of Clearly Stating Data Handling Processes

By Odia Kagan on January 22, 2019

A 50 Million Euro GDPR fine recently issued by French data protection authority CNIL provides actionable lessons for companies handling personal information for advertising purposes. First and foremost, refrain from block consents; state your data handling practices clearly:

  • make sure information you provide users is easily accessible
  • tell people why you process their information, for how long you keep it and the categories of it
  • put the information in one or limited locations
  • refrain from requiring multiple actions to access the necessary information
  • describe your purposes specifically, and clearly.

Vague statements like “any of the following purposes may apply” will not suffice. – when relying on consent:

  1. Provide clear disclosure in a centralized location. This is particularly important if the processing is complex, uses information from different sources or involved sensitive information
  2. Require action by the user to signify consent ( no pre-checked checkboxes).
  3. Use separate call outs for each purposes. Statements like: “I accept that my information is used as described above ” may not suffice.

Details from CNIL.

More here from Law360.

  • Posted in:
    Privacy & Data Security
  • Blog:
    Privacy Compliance & Data Security
  • Organization:
    Fox Rothschild LLP
  • Article: View Original Source

Open Legal Blog Archive, Inc. logo
Seattle, Washington
Copyright © 2026, Open Legal Blog Archive, Inc. All Rights Reserved.
Law blog design & platform by LexBlog LexBlog Logo