Criteo Slapped With $65m Fine For GDPR Violations, Says It ‘disagrees’ With Findings


Adtech agency Criteo is beneath the gun for alleged privateness violations. But the corporate denies that it has violated Europe’s information privateness legal guidelines.

It’s a tenuous time to be strolling the info privateness tightrope. Just ask Criteo. The publicly-traded adtech firm mentioned in a monetary submitting as we speak that it has been hit with a proposed high-quality of roughly $65.4m for alleged breaches of the EU’s sweeping General Data Protection Regulation (GDPR).

The information comes some two years after France’s information privateness physique Commission Nationale de l’Informatique et des Libertés (CNIL) launched an investigation into the corporate’s information practices.,edges&auto=format&dpr=1 1x,,edges&auto=format&q=40&dpr=2 2x,,edges&auto=format&q=20&dpr=3 3x” src=”,edges&auto=format” loading=”lazy” alt=”EU flags” title=”EU flags”/>

France’s CNIL is cracking down on GDPR infringements / Adobe Stock

While particular particulars in regards to the investigation and the explanations behind the proposed high-quality stay beneath wraps, Criteo’s chief authorized officer Ryan Damon as we speak issued a press release saying that the agency “strongly disagrees” with the report’s findings, “each on the deserves referring to the investigator’s assertions of non-compliance with GDPR and the quantum of the proposed sanction.” He went on to say that Criteo sees “the deserves of this report back to be basically flawed and the proposed sanctions to be incommensurate with the alleged non-compliant actions.”

The authentic CNIL investigation was kicked off after Privacy International – a nonprofit UK-based information privateness advocacy group – in 2018 filed a criticism with a handful of European authorities over the info processing practices of seven adtech corporations, together with Criteo. Specifically, Privacy International raised issues over whether or not Criteo was processing web customers’ information – together with delicate, particular class information – with the suitable consumer consent frameworks in place.

The newest Marketing information and insights straight to your inbox.

Get the perfect of The Drum by selecting from a collection of nice e-mail briefings, whether or not that’s every day information, weekly recaps or deep dives into Media or creativity.

Sign up

Privacy International additionally alleged that sure high-level GDPR rules reminiscent of equity, transparency, information minimization, accuracy, integrity and objective limitation weren’t being met by Criteo and different adtech corporations.

Criteo has the fitting to answer the investigation’s findings in writing and is getting ready for a proper listening to earlier than the CNIL Sanction Committee. Following this listening to, the committee will difficulty a draft choice that may then be reviewed by different European information authorities. A closing choice on the case – in addition to related fines – possible received’t be finalized till a while subsequent yr, in keeping with Criteo.

“We look forward to further dialogue with the CNIL as well as to defend our case to the ultimate arbitrator of a final decision,” mentioned Damon in his assertion. “Criteo continues to uphold the highest privacy standards and operates a fully transparent and regulatory compliant global Business.”

The information serves as a cautionary story for different promoting and know-how corporations that visitors in shoppers’ private info, particularly as privateness efforts all over the world ramp up.

“If [Criteo is] guilty of violating GDPR, it’s likely that most non-consumer-facing adtech companies – and many of the consumer-facing ones – are also guilty,” says Shiv Gupta, managing associate at U of Digital, a Digital Marketing schooling agency. At this level, he says, it’s unclear whether or not CNIL and different European information authorities are utilizing Criteo for example to warn others or whether or not this might be “the start of a series” of fining adtech firms for infringements.

Others note that adtech players are sure to be on edge after today’s news. “[This decision] has all adtech companies calling meetings with their data privacy teams,“ says Paul Roberts, chief executive officer and founder of adtech firm Kubient. “This sizable fine shows that any alleged GDPR violations will be taken very seriously…“

Considering this is among the first high-profile adtech companies to be hit with high GDPR penalties, Gupta predicts that the case is likely to be “dragged out and re-litigated many times over” – as a result of “precedent will be really important” shifting ahead.

For extra, join The Drum’s every day US e-newsletter right here.

Leave a Comment