France's data protection authority, the Commission nationale de l’informatique et des libertés, issued a 400,000 euro fine to U.S.-based biotechnology firm Monsanto Company for violating an individual's right to know under the EU General Data Protection Regulation. Monsanto allegedly held a file carrying personal information of 200 individuals without informing them what data was collected. Information gathered included individuals' occupations, company address and phone number, as well as personal mobile number and email address.
28 July 2021
CNIL issues 400K euro GDPR fine over 'right to know'
Related stories
Notes from the Asia-Pacific region: Australia eSafety Commissioner launches social media age restrictions hub
EU Data operational impacts: The Data Act's interplay within the EU digital rulebook
Notes from the IAPP Europe: A focus on the Digital Networks Act
The 2025 Brazilian DPO: Navigating high risks with limited runways
PETs: Beyond privacy-enhancing
