France’s data privacy regulator (CNIL) has fined the country’s biggest internet provider €50 million ($53 million) for sending customers ads they didn’t ask for and for continuing to use tracking code to monitor users’ activities even after they withdrew consent for the practice. The telecom giant Orange S.A. offers an electronic messaging service that CNIL said displayed advertising “in the form of emails among genuine emails in its users’ inboxes.” Those ads should not have been shown without user consent under the French Post and Electronic Communications Code (CPCE), CNIL said Tuesday in a press release. The French regulator also said that even after users indicated they no longer wanted cookies, or tracking code, following them on the web, Orange allowed previously stored cookies to continue capturing their internet activity, a violation of the French Data Protection Act. The company should have used technical tools to prevent the “reading of cookies under its control,” CNIL said, adding that it also should have ensured partners did the same. The fine, which was issued last month, was announced Tuesday. An Orange spokesperson said in a statement that the fine is “disproportionate” and that its actions “reflect common market practices that do not engage any exploitation of customers' personal data.” The company also said the regulator did not warn it to stop the practice prior to issuing the fine. It said it will appeal the decision in court. “The most important point is the fact that no customer data was used at any point without their prior consent,” the statement said. The large fine amount partially stemmed from the fact that Orange is the country’s leading telecommunications operator, CNIL said.
Get more insights with the
Recorded Future
Intelligence Cloud.