CNIL (France) - SAN-2025-015
Content
The data protection authority (DPA) has imposed a fine of €1,700,000 on a data processor that had incorrectly configured a software program. This program processed files related to people with disabilities, which resulted in a large-scale data breach. The data protection authority has imposed a fine of €1,700,000 on a data processor that had incorrectly configured a software program. This program processed files related to people with disabilities, which resulted in a large-scale data breach.
== Summary in English ==
== Summary in English ==
=== Facts ===
A software consultancy firm (the data processor) provided software to a government agency (the data controller) for the processing of files related to people with disabilities. A software consultancy firm (the data processor) provided software to a government agency (the data controller) for the processing of files related to people with disabilities. This software allowed users (data subjects) to upload their files and track their progress through an online portal. This software allowed users (data subjects) to upload their files and track their progress through an online portal.
This content has been automatically translated using machine translation. The original version is available in the source language.
This content was automatically translated using machine translation. The original version is available in the source language.