Home Ad Exchange News Criteo Expects Sanction For Undisclosed GDPR Violation

Criteo Expects Sanction For Undisclosed GDPR Violation

SHARE:

France’s data protection regulator, the CNIL, just hit Criteo with some not-so-très-bien news.

The CNIL is planning to recommend a fine of $65 million against Criteo for alleged GDPR violations, the company announced in an SEC filing on Friday.

The filing is very thin on detail. For example, it’s not even clear what practice or data use Criteo is being dinged for.

In the filing, Criteo said it was made aware of the news by the rapporteur assigned to this investigation. A rapporteur isn’t the antitrust enforcer investigating the charges, but rather an EU appointee elected by fellow members of parliament to record and draft a report about legislative proceedings for a regulator or other EU administrator.

Once the charge becomes public, it will be submitted to a body of EU data protection authorities before the sanction is confirmed.

The soonest Criteo expects to face an actual potential penalty is mid-2023.

If that sounds slow-moving, consider that the original legal complaint that triggered this investigation was first submitted to the CNIL in November 2018 by an advocacy group called Privacy International. That complaint alleged that much of the programmatic and third-party data marketplace was in violation of GDPR. Criteo, Tapad, Quantcast, Acxiom, Experian, Equifax and Oracle were all named in the 2018 filing, though the CNIL’s investigation of Criteo only began in 2020.

The air of secrecy may be frustrating, though it’s not surprising or out of character for European regulators.

Criteo has also said it will not discuss the issue any further until the proceedings are resolved, beyond a statement from Ryan Damon, the company’s chief legal officer.

“We find the merits of this report to be fundamentally flawed, and the proposed sanctions to be incommensurate with the alleged non-compliant actions,” Damon said in the filing.

Tough times

Ad tech has been under the microscope ever since GDPR hit the scene in 2018.

Earlier this year, the Belgian data regulator issued an edict that IAB Europe’s Transparency & Consent Framework was illegal in its current form under GDPR. (IAB Europe was able to give its members as heads up two months before the news was officially announced.)

But a heads up isn’t always enough to save companies from the fallout that follows a regulatory pronouncement, even if they’re given time to try and cure the problem before details are shared publicly.

All a regulator has to do is say “boo” for a company in its crosshairs to get put through the wringer.

In 2018, the CNIL brought a number of cases against tech companies big and small, and released a bunch of reports regarding investigations before those investigations were resolved. In many instances, there was no penalty issued, because the company was able to remedy

the violation, demonstrate good faith effort to comply and avoid a sanction.

But just the news of a CNIL investigation alone regardless of the outcome is enough to freak out its customers and put the stopper on new business.

The CEO of Fidzup, a French location data startup, penned a Medium post in 2020 condemning the CNIL for the death of his company, which never recovered after the CNIL announced an investigation, despite the company never being sanctioned. Teemo, another French data startup, was bought by a Singaporean company and rebranded because it couldn’t recover either.

These days, the CNIL is more mindful of how its announcements play to the public and the effect they have on the business community.

Criteo mis mindful of the news will play as well.

The rapporteur in this case updated the company on August 3. One day later, Criteo reported its Q2 earnings. Criteo had a decent quarter, and that news was allowed to sit for a minute before Criteo filed an update to the SEC on its pending CNIL sanction today.

On the topic of Criteo’s earnings, the company made $18 million in profit in Q2 2022 – just to give you a sense of how much a $65 million fine would hurt if it’s eventually levied.

Tagged in:

Must Read

Why Media Mergers And Spin-Offs Don’t Always Keep Their Promises

With media megamergers, acquisitions and spin-offs left and right, the media landscape is changing at a pace that is difficult to keep up with.

TransUnion is partnering with Blockgraph so that advertisers can use its identity data to target, reach and measure TV households across channels.

How This Disaster Relief Nonprofit Tapped First-Party Data To Reach Donors Year-Round

Staying top of mind for potential donors is an ongoing challenge for Direct Relief. Nexxen’s audience curation helped it spread and sustain awareness.

Why Major UK Publishers Are Finally Joining Forces To Curate Ad Inventory

Atria’s collective approach is a response to growing monetization challenges and the need to protect the value of human journalism in the AI era.

Privacy! Commerce! Connected TV! Read all about it. Subscribe to AdExchanger Newsletters
Toronto Canada pride parade includes a crowd waving pride flags

Ad Performance And Politics Steered Brand Dollars Away From LGBTQ+ Communities – But The Pendulum Will Swing Back

The current administration has discouraged many marketers and organizations from showing support for the LGBTQ+ community, including during Pride month.

How AI Can Enhance Content Without Generating It

As much as consumers complain about AI-generated content, advertising experts say AI still has an important place in video creation and production, including for ads. But using AI in content without turning off consumers is a tricky dance.

How Tovala Banks On Subscriptions And Incrementality – But Not Ads – To Profit From Its Oven

Smart TVs, refrigerators and other home appliances may pester you with marketing, but at least the hardware is cheap. Another startup taking a different approach to the same theory is Tovala, which was founded in 2015 and combines a standalone countertop oven with a weekly meal kit subscription.