French regulator launches investigation of Criteo following PI's complaint

The French Data Protection Authority CNIL has confirmed that they are investigating AdTech company Criteo following Privacy International's complaint.

News & Analysis
Man writting on paper on a desk

Almost a year and a half ago we complained about seven companies to three data protection authorities in Europe. These companies, ranging from AdTech to data brokers and credit rating agencies, thrive on the collection, exploitation and processing of personal data. They profile and categorise people - without our knowledge and infringing multiple legal requirements.

Now, the French Data Protection Authority CNIL has informed us that they are following the same route and launching an investigation into one of these companies, Criteo!

This follows investigations by the Irish and UK Data Protection Authorities:

CNIL’s confirmation that they are investigating Criteo is important and we warmly welcome it. The AdTech ecosystem is based on vast privacy infringements, exploiting people’s data on a daily basis. Whether its through deceptive consent banners or by infesting mental health websites these companies enable a surveillance environment where all you moves online are tracked to profile and target you, with little space to contest.

Under GDPR, the CNIL has the power to investigate and then, depending on the results, consider an enforcement action. These actions can range from prohibiting data being used in certain ways to fines for violations of up to 4 percent of a company’s global revenue or 20 million euros, whichever is higher. But most importantly, we hope that this investigation will lead to broader consideration of the AdTech industry and their practices, setting an example and prompting change in the ecosystem.

This is good news, but its just the beginning. We need scrutiny and enforcement of this industry to tackle this root cause of so many problems. The fight against AdTech continues.