GDPR: Accor subject to a fine of 600,000 euros
The CNIL imposed a fine of 600,000 euros against Accor.
The French hotel group is accused of having carried out “commercial prospecting without the consent of the persons concerned” and of “not having respected the rights of customers and prospects”, indicates the CNIL in a press release.
The CNIL and several other European authorities have received complaints relating to the difficulties encountered by people in exercising their rights.
Several anomalies noted on the lack of consent
In its survey, the CNIL found that customers who booked directly with hotel staff or on the website of one of the Accor group brands then automatically received a newsletter containing commercial offers from partners. As a result, the consent box was pre-ticked by default, explains the regulatory authority.
The CNIL specifies that it has also noted “technical anomalies”, which prevented “a significant number of people from effectively opposing the receipt of prospecting messages”.
The CNIL, as the main supervisory authority on this file, has submitted a draft decision to the data protection authorities concerned. One of them, the Polish data protection authority, has expressed its disagreement with this project, which is why the European Data Protection Board (EDPS) has also been called upon to take up the case. After examining the case, the EDPS “enjoined the CNIL to re-examine the amount of the fine and to increase it so that the measure taken is more dissuasive”.
Consequently, a fine of 600,000 euros was withheld against the French company. To justify this amount, the CNIL says it has taken into account “the number of breaches alleged against the company, the fact that these breaches relate to several fundamental principles of the protection of personal data and that they constitute a substantial violation of the rights of individuals , as well as the number of persons concerned and the financial situation of the company”.