• by Ray Schultz , July 30, 2021

Iconic French newspaper Le Figaro has been fined €50,000 ($59,000) for placing cookies without permission, in violation of the General Data Protection Regulation (GDPR). 

The fine was issued to the paper’s publisher by the Commission Nationale de l’Informatique et des Libertés (CNIL), according to EuraCTIV.com. 

The fine was not huge as such things go, but it serves “as an example to other websites and to let the industry know that such penalties don’t just happen to big companies like Google or Amazon,” says Florence Chafiol, a partner in the Paris law firm of August Debouzy, EuraCTIV.com reports.  

The CNIL charged Le Figaro with failing to alert or ask permission to visitors to the lefigaro.fr website to place the cookies, based on checks it made between 2020 and 2021, the report continues. 

American publishers with subscribers in Europe also face penalties for failing to collect permission for cookies, email marketing and use and transfer of data, and for not acceding to data access and deletion requests by consumers.

The GDPR requires transparency and consent across the board. But enforcement can vary by country. 

A British court ruled a U.S. publication, Forensic News, is not subject to the GDPR earlier this year. “I cannot accept the proposition that less than a handful of UK subscriptions to a platform which solicits payment for services on an entirely generic basis, and which in any event can be cancelled at any time,” violates the spirit or provisions of the GDPR, wrote Justice Robert Jay. 

But that decision may be an anomaly, given the jurisdiction and the small size of Forensic News, and the minority view that UK firms can soft-pedal some GDPR requirements, now that the country is out of the EU. Still, such those demands are seeping into privacy bills being introduced in the U.S. 

Accellion’s Vince Lau, in a post on Security News, advises companies to: 

• Protect consumer data that you collect, store or use. Email data must be protected with an encryption algorithm. 
• Delete the data and not keep it for any longer than is absolutely necessary.  

• Restrict yourself to the six lawful uses of consumer data: with consent, in performance of a contract, for legitimate vital interest, or public interest, and for a legal requirement. 
• Observe the consumer’s right to be forgotten.