France

TELEMAQUE

150,000 €

GDPR enforcement action by French Data Protection Authority (CNIL) on 2024-09-26.

Rank · Sector

#98

of 366 in Media, Telecoms and Broadcasting

Rank · France

#49

of 74

Rank · All fines

#410

of 3,042

Case details

Authority: French Data Protection Authority (CNIL)
Date: 2024-09-26
Controller / Processor: TELEMAQUE
Sector: Media, Telecoms and Broadcasting
Quoted Articles: Art. 5 (1) e) GDPR, Art. 9 GDPR
Type of violation: Non-compliance with general data processing principles

Summary

The French DPA imposed a fine of EUR 150,000 on TELEMAQUE. The controller is a company that offers digital services in the field of divinatory arts, including fortune telling by SMS, VAS or online chat. As part of its services, the controller regularly processed multiple categories of sensitive data (Art. 9 GDPR) without obtaining prior consent. The controller also stored customer data for six years after the end of the business relationship for marketing purposes. According to the French DPA, three years would have been admissible. This resulted in a fine of EUR 100,000. The fine increased by EUR 50,000 because the processor also infringed the French Post and Electronic Communications Code.

Open original source Links to the regulator's original publication or another source.