The Cnil has sanctioned EDF with a fine of 600,000 euros for crimes related to personal data and commercial prospecting, the French personal data police said on Tuesday.
Prey to several complaints, the institution “considered that the company had breached several obligations provided for in the General Data Protection Regulation (RGPD) and the Postal Code and Electronic Communications (CPCE)”, and decided to make public the sanction pronounced on last november. 24, details a press release.
According to the Cnil, the amount of the fine takes “into account the collaboration of the company and all the steps it has taken during the procedure to comply with all the infractions that it is accused of”.
question of consent
In particular, the main electricity provider in France was unable to demonstrate that it had obtained the prior valid consent of the recipients of a commercial prospecting campaign by electronic means carried out between 2020 and 2021.
EDF also breached its obligation to inform people about the use of personal data used on its website and did not respond in time to people who wanted to exercise their rights to access or oppose the use of their data.
Finally, the restricted formation of the Cnil sanctioned the lack of password security, which can generate risks for Internet users in the event of hacking.
Source: BFM TV
