France’s knowledge safety regulator, the CNIL, simply hit Criteo with some not-so-très-bien information.

The CNIL is planning to suggest a superb of $65 million in opposition to Criteo for alleged GDPR violations, the corporate introduced in an SEC filing on Friday.

The submitting may be very skinny on element. For instance, it’s not even clear what follow or knowledge use Criteo is being dinged for.

Within the submitting, Criteo stated it was made conscious of the information by the rapporteur assigned to this investigation. A rapporteur isn’t the antitrust enforcer investigating the costs, however moderately an EU appointee elected by fellow members of parliament to file and draft a report about legislative proceedings for a regulator or different EU administrator.

As soon as the cost turns into public, it is going to be submitted to a physique of EU knowledge safety authorities earlier than the sanction is confirmed.

The soonest Criteo expects to face an precise potential penalty is mid-2023.


If that sounds slow-moving, contemplate that the unique authorized criticism that triggered this investigation was first submitted to the CNIL in November 2018 by an advocacy group known as Privateness Worldwide. That criticism alleged that a lot of the programmatic and third-party knowledge market was in violation of GDPR. Criteo, Tapad, Quantcast, Acxiom, Experian, Equifax and Oracle had been all named within the 2018 submitting, although the CNIL’s investigation of Criteo solely started in 2020.

The aura could also be irritating, although it’s not shocking or out of character for European regulators.

Criteo has additionally stated it won’t talk about the difficulty any additional till the proceedings are resolved, past an announcement from Ryan Damon, the corporate’s chief authorized officer.

“We discover the deserves of this report back to be basically flawed, and the proposed sanctions to be incommensurate with the alleged non-compliant actions,” Damon stated within the submitting.

Robust instances

Advert tech has been underneath the microscope ever since GDPR hit the scene in 2018.

Earlier this 12 months, the Belgian knowledge regulator issued an edict that IAB Europe’s Transparency & Consent Framework was unlawful in its present kind underneath GDPR. (IAB Europe was able to give its members as heads up two months earlier than the information was formally introduced.)

However a heads up isn’t at all times sufficient to save lots of corporations from the fallout that follows a regulatory pronouncement, even when they’re given time to try to treatment the issue earlier than particulars are shared publicly.

All a regulator has to do is say “boo” for a corporation in its crosshairs to get put by the wringer.

In 2018, the CNIL introduced numerous cases against tech companies big and small, and launched a bunch of experiences relating to investigations earlier than these investigations had been resolved. In lots of situations, there was no penalty issued, as a result of the corporate was in a position to treatment

the violation, display good religion effort to conform and keep away from a sanction.

However simply the information of a CNIL investigation alone whatever the end result is sufficient to freak out its prospects and put the stopper on new enterprise.

The CEO of Fidzup, a French location knowledge startup, penned a Medium put up in 2020 condemning the CNIL for the death of his company, which by no means recovered after the CNIL introduced an investigation, regardless of the corporate by no means being sanctioned. Teemo, one other French knowledge startup, was purchased by a Singaporean firm and rebranded as a result of it couldn’t recuperate both.

Today, the CNIL is extra conscious of how its bulletins play to the general public and the impact they’ve on the enterprise group.

Criteo mis conscious of the information will play as nicely.

The rapporteur on this case up to date the corporate on August 3. Sooner or later later, Criteo reported its Q2 earnings. Criteo had a good quarter, and that information was allowed to take a seat for a minute earlier than Criteo filed an replace to the SEC on its pending CNIL sanction as we speak.

On the subject of Criteo’s earnings, the corporate made $18 million in revenue in Q2 2022 – simply to offer you a way of how a lot a $65 million superb would harm if it’s ultimately levied.