arrow_back
Back to Articles
Transfer of data to a social network for advertising purposes: the CNIL imposed a fine of €3.5 million - CNIL
CNIL (France)
January 22, 2026
medium impact
CNIL fines company €3.5 million for unauthorized data transfer to social network for advertising The French data protection authority (CNIL) has imposed a €3.5 million fine against a company for transferring personal data to a social network for advertising purposes without proper legal basis or user consent. This enforcement action underscores CNIL's commitment to enforcing GDPR and French data protection regulations, particularly regarding the unlawful processing and transfer of personal data for commercial purposes. The case highlights the regulatory risks companies face when sharing user data with third parties for targeted advertising without explicit consent or legitimate legal grounds.
Key Takeaways
- arrow_right_alt CNIL imposed a €3.5 million penalty for unauthorized data transfers to social networks for advertising
- arrow_right_alt The violation involved processing personal data without proper legal basis or user consent
- arrow_right_alt This enforcement action demonstrates CNIL's active monitoring of GDPR compliance in data sharing practices
- arrow_right_alt Companies face significant financial penalties for improper data transfers to third parties for commercial purposes