Accor was fined 600,000 euros by CNIL.
The French hotel group is accused of conducting “commercial searches without the consent of interested parties” and of “failing to respect the rights of customers and potential customers,” according to a CNIL press release.
The CNIL and some other European bodies have received complaints about the difficulties people face in exercising their rights.
Several anomalies noted due to lack of agreement
In its survey, CNIL found that customers who booked directly with hotel staff or on the website of one of the Accor group brands automatically received a newsletter with commercial offers from partners. As a result, the consent box was pre-checked by default, explains the regulator.
CNIL elaborates that it also noted “technical anomalies” that prevented “a significant number of people from effectively objecting to receiving intelligence reports.”
The CNIL, as the lead supervisory authority in this case, has submitted the draft decision to the relevant data protection authorities. One of them, the Polish data protection authority, expressed its opposition to the project, so the European Data Protection Board (EDPS) was also called upon to look into the matter. After reviewing the case, the EDPS “directed the CNIL to review the amount of the fine and increase it so that the measures taken were more dissuasive.”
Consequently, a fine of 600,000 euros was withheld from the French company. To justify this amount, CNIL states that it took into account “the number of violations claimed against the company, the fact that these violations involve several fundamental principles of personal data protection and that they constitute a material violation of the rights of individuals, as well as the number of persons concerned and financial position of the company.