France's data protection authority, the Commission nationale de l'informatique et des libertes, fined online advertising company Criteo 40 million euros for alleged EU General Data Protection Regulation violations. The CNIL said Criteo did not verify individuals' consent for data processing while violating principles for information and transparency, right of access, and data erasure. Privacy rights group NOYB data protection lawyer Romain Robert said the decision "is a strong signal to the ad-tech industry that they will face dire consequences" for violations.