Show all guides
Europe
GDPR

France’s CNIL fines France Travail €5 million over jobseeker data security failures

Last update:
Jan 29, 2026

France’s data protection authority (CNIL) recently informed the public that it had fined France Travail, a local employment platform, €5 million after finding the organization did not adequately protect jobseekers’ personal data. The CNIL’s decision followed a 2024 security incident that the company reported to authorities. Following an investigation, it was determined that the company did not use the expected authentication mechanisms required to protect users’ data. 

Businesses must keep in mind that if access controls and account protections are not strong enough to withstand realistic phishing and social engineering attempts, organizations may be found at fault. The expectation is that systems holding broad population-level datasets should have mature, tested security measures, given the wide potential impact.

The full guidelines can be found
here

Related Guides

Birthlink fined £18,000 for deletion of sensitive adoption records

July 28, 2025

The UK ICO fined charity Birthlink £18,000 after losing sensitive adoption records. The case highlights UK GDPR duties to protect and retain personal data, with regulators stressing the severe emotional harm caused by the loss.
Europe
GDPR

DLA Piper report puts 2025 GDPR fines at about €1.2 billion

January 21, 2026

DLA Piper’s 2025 report shows €1.2B in GDPR fines and rising breach notifications. Total penalties since 2018 reached €7.1B, signaling growing regulatory scrutiny of data governance and security practices.
Europe
GDPR
The information provided on this website does not, and is not intended to, constitute legal advice; instead, all information, content, and materials available on this site are for general informational purposes only