FR | Commission Nationale de l'Informatique et des Libertés (CNIL)
Docket: N/A • data_protection_authority
2026-03-04
CNIL Decision No. SAN-2024-XXX: In re Société KASPR
privacy_violation
I. Executive Summary
The French data protection authority, CNIL, has officially closed the injunction originally issued against Société KASPR on December 5, 2024. The injunction was related to specific data protection concerns that were being monitored by the CNIL. Following a thorough review, CNIL determined that KASPR has satisfied the requirements previously set out in the injunction. This decision underscores the importance of compliance with data protection regulations in France and illustrates the CNIL's method of ensuring adherence to the standards established by the GDPR and other frameworks. The compliance strategy adopted by KASPR may serve as a reference for other organizations operating under similar regulatory scrutiny.
II. Conduct Analysis
KASPR was previously subject to an injunction for violating data protection regulations, requiring compliance improvements in how personal data was handled or processed.
III. Legal Foundations
The decision is grounded in GDPR principles, particularly around data protection and privacy obligations. Specific articles are not detailed in the decision summary.
IV. Key Facts
• On December 5, 2024, CNIL issued an injunction against KASPR for data protection concerns. • The injunction required KASPR to improve its data handling practices. • On March 4, 2026, CNIL reviewed and closed the injunction, confirming compliance.
V. Consequences & Sanction
Closure of the injunction signifies KASPR's compliance with the initial requirements set by CNIL.
The detailed sanctions from the original injunction included requirements for compliance enhancements, which have been successfully implemented as confirmed by CNIL's closure of the injunction.