CNIL Imposes 200,000 Euro Fine on SAF LOGISTICS for Breaching GDPR

The CNIL (Commission Nationale de l'Informatique et des Libertés) imposed a fine of 200 000 euros on SAF LOGISTICS, an international freight company based in China, for collecting too much data from employees and infringing their privacy, as well as for not cooperating with the CNIL services. The investigation found that SAF LOGITICS was collecting an excessive amount of private information on employee's family members, such as identity, contact details, position, and marital status. In addition, the company was also collecting sensitive data, such as blood type, ethnicity, and political affiliation, without meeting any of the conditions provided by the GDPR (Article 9(2)). Furthermore, the investigation revealed that criminal records of some employees were kept, even though these employees had already been cleared by relevant authorities. Finally, when the CNIL asked the company to provide a translation of the form written in Chinese, they gave an incomplete translation, with fields about ethnicity and political affiliation missing. This was considered intentional as the company was attempting to prevent the CNIL from exercising its powers of investigation. As a result, the restricted committee issued a fine of 200,000 euros to SAF LOGISTICS.