France’s data protection authority, the Commission nationale de l'informatique et des libertés, fined legal service provider Infogreffe 250,000 euros for violating the EU General Data Protection Regulation. An investigation found alleged violations of data retention requirements under Article 5(1)(e) of the GDPR and data security obligations under Article 32. The CNIL found 25% of Infogreffe users had their data held by the website beyond the stated 36-month period.
13 Sept. 2022
CNIL issues 250K euro fine over data security, retention violations
Related stories
Italy's DPA reaffirms ban on Replika over AI and children's privacy concerns
Support for AI Act pause grows but parameters still unclear
Can inferred insecurity about physical traits be regulated as sensitive data?
Meta's risk assessment updates look toward 'holistic' approach
The final days of grace: Preparing for the U.S. sensitive data rule
