Cnil Reports Unprecedented Surge in Fines for Personal Data Breaches in 2024
En 2024, la Commission nationale de l’informatique et des libertés (Cnil) a établi un nouveau record en matière de sanctions liées à des infractions concernant la protection des données personnelles, soulignant une augmentation notable des violations constatées cette année.
Tl;dr
- Record data violations and fines in France, 2024.
- Sanctions and complaints surge significantly, CNIL reports.
- Major firms fined; simplified procedures increasingly used.
A Surge in Data Breaches Unsettles France
In an atmosphere where digital privacy is a growing concern, the Commission nationale de l’informatique et des libertés (CNIL) has sounded the alarm. According to its latest report, 2024 witnessed an unprecedented escalation in both the number and scale of personal data breaches affecting millions of French citizens. The issue has prompted the French data protection authority to take firmer action than ever before.
Unprecedented Number of Sanctions and Complaints
Digging into the numbers reveals just how stark the situation has become. The CNIL received a record 17,772 complaints in 2024—an increase of 8% over the previous year. Of these, nearly 15,639 were processed, though more than 5,700 were ultimately deemed inadmissible. Perhaps most strikingly, the total number of sanctions issued more than doubled: from 42 in 2023 to an impressive 87 this year. As for financial penalties, they reached a cumulative 55.2 million euros, a sum that reflects both heightened vigilance and stricter enforcement.
One figure stands out: telecommunications operator Orange, fined a staggering 50 million euros for unauthorized advertisements. This penalty alone accounts for the lion’s share of this year’s fines. While last year’s overall sanctions (notably against Criteo and Amazon France Logistique) had pushed the total even higher at 89 million euros, this new record for frequency signals a shift in approach.
The Scale and Impact of Violations
But what lies behind these numbers? The CNIL’s report highlights that over 5,000 separate data breaches were recorded—a jump of 20% compared to last year. Major entities such as France Travail, Free, health insurance operators like Viamedis and Almerys, along with retail giant Auchan, all suffered significant incidents.
Several elements help explain this wave:
- The increasingly sophisticated nature of cyberattacks targeting large databases.
- The expansion of digital services collecting sensitive personal information.
- A greater awareness among citizens regarding their digital rights.
Simplified Procedures Take Hold
To cope with mounting caseloads and enforce compliance more efficiently, the CNIL continued to ramp up its use of a simplified sanction procedure introduced in 2022. In fact, no fewer than 69 penalties were handed down through this channel over the past year—evidence that regulators are adapting quickly to the scale of new threats. In parallel, there were also 180 formal notices issued alongside dozens of legal reminders.
Clearly, as privacy becomes a front-page concern in France’s digital society, regulatory bodies are both stepping up pressure on companies and modernizing their own response mechanisms—a trend likely to continue if current trajectories hold.