Skip to content

French privacy watchdog fines edtech powerhouse Criteo €40 million for GDPR violations


French advert tech large Criteo fined €40 million over privateness breach

French promoting specialist large Criteo has been issued with a revised tremendous of €40 million ($44 million) for failing to acquire prospects’ consent by focused promoting.

Privateness Worldwide Criticism

The case in query dates again to 2018 when Privateness Worldwide filed a proper criticism with France’s information privateness watchdog Fee Nationwide de l’Informatique et des Libertés (CNIL) utilizing GDPR legal guidelines, which have been lately launched within the EU Was. , Privateness Worldwide, together with Know Your Enterprise (NOYB), raised considerations concerning the information processing actions of gamers within the information broking and edtech business, together with Criteo.

Manipulation Machine and Behavioral Retargeting

Criticism centered on what is alleged to be a worldwide privateness manipulation machine utilized by Criteo. This machine employed numerous monitoring and data-processing strategies to create profiles of net prospects for targeted selling. Considered one of these strategies, typically known as behavioral retargeting, entails utilizing prior on-line observe to find out prospects’ preferences and goal them with related advertisements. Worldwide Privateness and NOYB argued that Criteo didn’t have a legitimate authorized foundation for this surveillance.

Preliminary decision and Crito’s response

In August 2022, the CNIL reached a preliminary ruling that Criteo violated the GDPR and imposed a tremendous of €60 million. Nonetheless, Crito sought to cut back the quantity by claiming that his actions have been unintentional and didn’t trigger hurt. The corporate argued that elements such because the absence of proof of hurt, measures taken to mitigate hurt, cooperation with the supervisory authority and fewer intrusiveness of related private information ought to result in a big discount in high quality.

Exemption of high-quality and findings of CNIL

After contemplating Crito’s arguments, the CNIL diminished the standard by a 3rd. Nonetheless, the CNIL’s closing report nonetheless highlighted severe violations by Criteo. The report outlined 5 breaches, together with failure to acquire the person’s consent, failure to offer ample particulars about data processing, failure to respect the appropriate to entry and withdraw consent, and make clear with the related firms. Contains failure to compromise. Data Administration.


The revised high quality of €40 million displays CNIL’s dedication to implement GDPR legal guidelines and defend prospects’ privateness. The case serves as a reminder to firms within the edtech business to make sure compliance with information safety legal guidelines and procure correct consent for focused promoting.

Ceaselessly Requested Questions (FAQs)

1. What was the particular high quality imposed on Criteo?

The distinctive high quality imposed by CNIL on Criteo was €60 million.

2. Why did Criteo search to cut back high quality?

Criteo argued that its actions have been unintentional and didn’t trigger damage. The corporate believed that the absence of proof of hurt, measures taken to cut back damage, cooperation with supervisory authority, and fewer intrusion of associated personal data justified a significant discount in high quality.

3. How a lot has the standard decreased?

CNIL diminished the premium imposed on Crito by a 3rd, bringing the revised premium to €40 million.

4. What are the violations recognized by CNIL?

CNIL recognized 5 violations involving Criteo’s ad-tracking know-how, together with failure to acquire particular person consent, failure to offer ample particulars relating to data processing, failure to respect the appropriate of entry and withdrawal of consent Contains failure, and failure to articulate. Agreements with companion firms associated to data governance.

5. What does this case spotlight for the EdTech enterprise?

The case highlights the significance of complying with information safety legal guidelines and acquiring correct consent for focused promoting within the edtech business.


To entry further info, kindly seek advice from the next link