HUBSIDE.STORE Slapped with €525,000 Fine by CNIL
The French Data Protection Authority, CNIL (Commission Nationale de l'Informatique et des Libertés), has levied a hefty fine of €525,000 against HUBSIDE.STORE. The penalty comes as a consequence of the company's flawed commercial prospecting tactics, violating crucial regulations set forth by the GDPR (General Data Protection Regulation) and the French Post and Electronic Communications Code (CPCE).
HUBSIDE.STORE, engaged in phone and SMS prospecting campaigns to boost the visibility of its products like mobile phones and laptops, was found to have purchased data from various brokers and publishers of competition and product testing websites. However, the CNIL's investigation uncovered alarming discrepancies in the consent mechanisms employed by the company's data suppliers, rendering the obtained consent invalid.
The CNIL's restricted committee, tasked with issuing sanctions, determined that the data collection forms used by the brokers failed to provide individuals with a clear and informed choice, thus infringing upon Article L. 34-5 of the CPCE and Article 6 of the GDPR. Consequently, HUBSIDE.STORE was found to have unlawfully conducted canvassing operations via SMS and phone calls.
Moreover, the committee highlighted HUBSIDE.STORE's failure to adequately inform individuals during phone prospecting, violating Article 14 of the GDPR. The lack of essential information, including the organization's identity, contact details, data usage purposes, retention periods, and individuals' rights, deprived them of the ability to exercise control over their personal data.
The collaborative effort between CNIL and its counterparts in Belgium, Italy, Spain, and Portugal, under the one-stop shop procedure, underscored the cross-border implications of HUBSIDE.STORE's data processing practices. With operations spanning multiple EU member states, the company's misconduct raised concerns beyond France's borders.
The imposed fine, amounting to approximately 2% of HUBSIDE.STORE's turnover, reflects the severity of the violations and the company's accountability in utilizing improperly obtained data for extensive commercial prospecting. The committee's decision underscores the imperative for businesses to ensure compliance with data protection regulations, safeguarding individuals' privacy rights in an increasingly digitalized world.
The CNIL's stringent enforcement against HUBSIDE.STORE serves as a stern warning to companies engaging in commercial prospecting activities. Upholding the principles of transparency, consent, and accountability remains paramount in the ethical handling of personal data, as emphasized by the regulatory authority's decisive actions.
The GRC Report is your premier destination for the latest in governance, risk, and compliance news. As your reliable source for comprehensive coverage, we ensure you stay informed and ready to navigate the dynamic landscape of GRC. Beyond being a news source, the GRC Report represents a thriving community of professionals who, like you, are dedicated to GRC excellence. Explore our insightful articles and breaking news, and actively participate in the conversation to enhance your GRC journey.