France

CNIL fined TikTok €5 million for failing to provide a simple mechanism for refusing non-essential cookies on its platform for French users, and for failing to explain the purpose of cookies clearly.

CNIL fined Clearview AI €20 million for unlawfully collecting and processing biometric data of French residents without a legal basis, and for failing to respond to data subject access requests within the required timeframe.

CNIL fined health website Doctissimo €380,000 for multiple GDPR violations: collecting health data without valid consent, keeping data longer than necessary, and using outdated encryption protocols on its web server.

CNIL fined Google €150 million for making it more difficult for users to refuse cookies than to accept them. The cookie consent mechanism on google.fr and youtube.com did not provide a simple means to refuse all cookies, violating French data protection law.

CNIL fined Meta/Facebook €60 million for the same defective cookie consent mechanism. Users on facebook.com could not refuse cookies as easily as they could accept them, breaching Article 82 of the French Data Protection Act.