The Commission indicated that it had received “several complaints” concerning the difficulties encountered by customers in the French energy producer and supplier taking into account “their requests for access to their data” and “objection to receiving commercial prospecting calls”.
The amount of the fine was decided “in view of the breaches identified as well as taking into account all the measures taken by the company during the procedure to bring itself into compliance”, specified the Cnil in its press release. .
The company offered, on its website, a subscription form for an energy contract in which the user acknowledged giving his consent for the use of his personal data in order to subsequently receive commercial offers, without having the possibility of s oppose it.
However, according to the personal data policeman, the checks carried out made it possible to highlight four breaches of the General Data Protection Regulations (GDPR).
In July 2021, the social protection group AG2R La Mondiale received a fine of 1.75 million euros for non-compliance with the GDPR.
In particular, he was accused of not having provided all the elements required by the GDPR to people canvassed by telephone by subcontractors.
The company had however taken measures to correct these shortcomings, which the body of the Cnil in charge of the sanctions had “taken note”.