Carrefour fined 3.8 million euros for non-compliance with GDPR

Carrefour, a French supermarket multinational with operations in more than 30 countries, was fined € 3 million (almost RS $ 20 million) for multiple violations of the General Data Protection Regulation (GDPR). Information is from Infosecurity Magazine.

According to the portal, the fine was imposed by the National Commission for Computing and Freedom (CNIL), one of the main regulatory organizations for GDPR in Europe. In addition to the global supermarket chain, Banco Carrefour, known as Carrefour Soluções Financeiras in Brazil, was also fined by the agency, by € 800 thousand (more than RS $ 5 million).

The CNIL’s justification for fines is that information about protecting and using customer data was very complicated, inaccurate and in some cases even hidden in long documents, mixed with other information.

In addition, the company used illegally cookies and when a customer asked about how their data is being used by the company, Carrefour it was not transparent, operated with a restrictive policy and did not respond to requests on time cool. CNIL also considered that there was little information about data transfers outside the European Union.

The transparency of companies regarding the use of data from their customers and users is one of the main requirements of the GDPR and the General Data Protection Law (LGPD) in Brazil.

It is important to remember that Carrefour Brasil’s privacy policy page is extensive, but the content is transparent and customers can request review, anonymization or contest the treatment of their data that were collected by the company.

Out of context

In Brazil, Carrefour has been involved in three major controversies in recent years. November 2018: Manchinha was poisoned and beaten to death in Osasco (SP). August 2020: an employee died and his body was hidden under umbrellas in Recife (PE). November 2020: a man was beaten to death by security guards in Porto Alegre (RS).

Sources: Infosecurity Magazine; Carrefour.