Generic filters
Exact matches only
Search in title
Search in content
Filter by Custom Post Type
Posts
Filter by Categories







Yahoo! Faces 10M EUR Data Protection Violation Fine in France

Executive Summary

CNIL, the French data protection authority, recently fined Yahoo! €10 million. This penalty addresses Yahoo’s violation of data protection laws.

Yahoo! faced criticism for depositing cookies on user devices without obtaining proper consent. Furthermore, the company made it challenging for users to withdraw their consent, threatening adverse consequences.

Notably, a significant factor in the calculation of the large fine was that this issue impacted a substantial number of users, specifically around 5 million unique visitors.

Findings

The investigation by CNIL unveiled Yahoo!’s significant data protection violations.

Yahoo! had placed at least 20 cookies on user devices without the users’ consent. This issue persisted even though an option to manage settings is available. 26 cookies, including those for advertising, were present without proper authorisation.

Moreover, users encountered discouragement when they attempted to withdraw their consent. For instance, they were warned of losing access to services like Yahoo! mail. CNIL highlighted that consent should be given freely and that users should not face penalties for withdrawing consent.

Outcome

CNIL‘s response to Yahoo’s data protection violation was firm, resulting in a €10 million fine.

Recent CNIL Penalty on NS Cards France

In another noteworthy case in France from January 11, 2024, CNIL fined NS Cards France €105,000.

The company violated the General Data Protection Regulation (GDPR) through several actions:

  • Retaining personal data for an excessive duration,
  • Not informing data subjects adequately,
  • Implementing weak password security measures,
  • Depositing cookies without proper consent, similar to Yahoo!

These violations led to the imposition of a significant penalty on NS Cards France.

RECENT BLOG POSTS

PODCASTS

Cubic Lighthouse is a cybersecurity publication dedicated to demystifying security, making news actionable, providing deeper thinking about the fundamentals of security, and providing decision-makers and the community at large with the right information to make the right decisions. We will also feature more technical articles and provide personal/family security advice.

©2024 Cubic Consulting, a Smart Security Company for your Business – All Rights Reserved.