Fines imposed by the CNIL (French Data Protection Authority) surged to €487 million last year, nine times more than projected for 2024, driven by sanctions against Google and Shein. The French regulator is also intensifying its monitoring of data security breaches.
These are the main lessons learned from the review of sanctions imposed by the authority in 2025, as highlighted in an article published by La Tribune.
When questioned on this subject, our partner Alan Walter pointed out that data security issues are increasingly central to investigations, even though many cases involve service providers who have mismanaged data hosted on behalf of their clients.
Read Bogdan Bodnar’s article here.
