CNIL (France) - SAN-2025-014
Content
The data protection authority has imposed a fine of 1 million euros on a company for failing to delete user personal data, processing this data for purposes that conflict with contractual agreements, and failing to maintain a register of processing activities. A subcontractor also received a fine of 1 million euros for the same violations: failing to delete user personal data, processing this data for purposes that conflict with contractual agreements, and failing to maintain a register of processing activities.
== Summary in English ==
== Summary in English ==
=== Facts ===
DEEZER (the controller) informed the French data protection authority (CNIL) about a data breach that affected 21,574,775 users, of whom 9,849,354 are located in France. The controller identified Mobius Solutions Ltd (the processor) as the source of the data breach. DEEZER (the controller) informed the French data protection authority (CNIL) about a data breach that affected 21,574,775 users, of whom 9,849,354 are located in France. The controller identified Mobius Solutions Ltd (the processor) as the likely source of the data breach. The D.
This content has been automatically translated using machine translation. The original version is available in the source language.
This content was automatically translated using machine translation. The original version is available in the source language.