CNIL Slaps Conde Nast With Fine for Cookie Violations
French privacy regulator CNIL fined publisher Conde Nast 750,000 euros ($870,000) for violating the country's Data Protection Act, it announced Thursday.
Sign up for a free preview to unlock the rest of this article
Privacy Daily provides accurate coverage of newsworthy developments in data protection legislation, regulation, litigation, and enforcement for privacy professionals responsible for ensuring effective organizational data privacy compliance.
Conde Nast's website vanityfair.fr failed to comply with rules on trackers (cookies) placed on the devices of users visiting the site, the DPA said. Its decision followed complaints from privacy activist Noyb in 2019, which resulted in a proceeding that closed in July 2022, and further CNIL inspections in July and November 2023 and February 2025.
Specifically, the watchdog said, Conde Nast failed to obtain users' consent before placing cookies; failed to give users clear information about cookie purposes; and used faulty mechanisms for refusing and withdrawing consent.
The fine took into account the fact that the company had already been issued a formal notice, the number of people affected by its noncompliance and the various violations of cookie rules, CNIL said.