France
ACTIVE ASSURANCES (car insurer)
180,000 €
GDPR enforcement action by French Data Protection Authority (CNIL) on 2019-07-25.
Rank · Sector
#62
of 321 in Finance, Insurance and Consulting
Rank · France
#43
of 73
Rank · All fines
#375
of 3,039
Case details
- Authority
- French Data Protection Authority (CNIL)
- Date
- 2019-07-25
- Controller / Processor
- ACTIVE ASSURANCES (car insurer)
- Sector
- Finance, Insurance and Consulting
- Quoted Articles
- Art. 32 GDPR
- Type of violation
- Insufficient technical and organisational measures to ensure information security
Summary
Large amount of customer accounts, clients' documents (including copies of driver's licences, vehicle registration, bank statements and documents to determine whether a person had been the subject of a licence withdrawal) and data were easily accesible online. The CNIL, between others, critizised the password management (unauthorized access was possible without any authentication).
Open original source
Links to the regulator's original publication or another source.
Related fines
France
2025-09-01
200,000,000 €
ETid-2862
GOOGLE LLC
Media, Telecoms and Broadcasting
France
2025-09-01
150,000,000 €
ETid-2864
INFINITE STYLES SERVICES CO. LIMITED
Industry and Commerce
France
2025-09-01
125,000,000 €
ETid-2863
GOOGLE IRELAND LIMITED
Media, Telecoms and Broadcasting
France
2021-12-31
90,000,000 €
ETid-978
Google LLC
Media, Telecoms and Broadcasting
France
2021-12-31
60,000,000 €
ETid-979
Google Ireland Ltd.
Media, Telecoms and Broadcasting
France
2021-12-31
60,000,000 €
ETid-980
Facebook Ireland Ltd.
Media, Telecoms and Broadcasting