Contact us

CNIL issues EUR 1.5 million fine in relation to cookie rule violations

On 27 November 2025, the French data protection authority (the CNIL) fined the French subsidiary of American Express EUR 1.5 million. The CNIL found that the company had:

  • placed cookies without consent
  • placed cookies when consent had been refused
  • Continued to use cookies despite withdrawal of consent

The regulators are still hot on the heels of cookie violations and given the increasing fines under the Privacy and Electronic Communications Regulations 2003 due to enter into force shortly, it is a good time to ensure you have your house in order. The CNIL made the point that the cookie rules are well established and so there is no reason for them not to be followed.

If you would like some help to tackle cookie issues, please get in touch by emailing hello@hellodpo.com and we would be happy to help.

A link to the CNIL press release can be found here.

Share:

Facebook
X
Pinterest
LinkedIn

Related Posts

View all
News

ICO fines Reddit £14.47 million for failures in processing children’s data

On 24 February 2026, the ICO confirmed a fine against Reddit Inc (Reddit) for £14.47 million for failures in processing...

Read more
Webinars

Preparing for the Digital Omnibus: Navigating privacy with global regulatory divergence

The Digital Omnibus announced by the EU Commission aims to help harmonise and simplify the EU digital regulatory framework. In...

Read more
News

How to run a successful data champions programme

The role of a DPO can be a solitary one, in this article for Privacy Laws and Business, Jenai Nissim...

Read more
News

ICO fines MediaLab.AI Inc for failures in handling children’s data

On 5 February 2026, the ICO fined MediaLab.AI Inc. (MediaLab), who own the social media platform Imgur £247,590, for failing...

Read more
News

The Data (Use and Access) Act 2025 changes come into force

On 5 February 2026, the majority of the data protection provisions under the Data (Use and Access) Act 2025 (DUAA)...

Read more
News

ICO issues report on Agentic AI

The ICO’s latest tech futures report focuses on agentic AI. The ICO notes that agentic AI is evolving at pace...

Read more

Our experience...

Speaks for itself through collaboration with leading global brands such as…

  • Tech giants
  • Health tech start-ups
  • Forward-thinking financial institutions
  • Global dating app
  • One of the largest entertainment record labels globally
  • Shopping meccas
  • National broadcasters
  • Professional services firms and regulators
Contact us
0 +

Sector specialisms and in-depth experience

0 %

Client retention rate and long lasting relationships

0 s

Learners who complete our data protection training each year

Skyscanner logo

Don't just take our word for it

“If you’re looking for trustworthy, pragmatic and diligent legal advisors, say Hello(to)DPO! The team has been a great support to Skyscanner on a broad range of privacy and data protection matters, whether advising at a compliance level or on more acute legal issues. You’ll enjoy considerate, timely and helpful advice, provided by professionals with whom it’s a delight to work.”

Gemma Witham
Director of Legal (Privacy), Group Privacy Officer, Sykscanner Limited

HR Dept logo

Don't just take our word for it

“We have been working with HelloDPO for several years now and I have always found them to be friendly, approachable and above all professional in their approach. I would have no hesitation in recommending them.”

Serena May
Director, Southern HR Ltd

AETNA logo

Don't just take our word for it

“We have worked with Jenai, Alison and the HelloDPO team for over 5 years as our DPO and have found their advice and support invaluable. They are pragmatic and flexible in the advice they provide, and assist in making data protection compliance apply in a corporate environment. Working with them is like having additional members of our team, and the relationship has flourished over time.”

Craig Saunders
Head of International Privacy, Aetna Global Benefits (UK) Ltd

 

Frasers Hospitality logo

Don't just take our word for it

“The team (Jenai and Lisa) provided DPO services and compliance support to our business for over a year, during which they consistently delivered high quality advice and excellent client service. The demands of the hospitality industry are high and HelloDPO adapted to this quickly and seamlessly – they are responsive, knowledgeable, and pragmatic. They are also a pleasure to work with.”

Frasers Hospitality (UK) Ltd

Chartered Accountants Worldwide logo

Don't just take our word for it

“We have been working with HelloDPO for nearly a year. The team have been great to work with, highly professional and flexible. Most importantly, they have given clear advice and guidance in what is a very complex area. Well done and we look forward to continuing working with you!”

Ruth Hidalgo
Director, Chartered Accountants Worldwide

Cadogan logo

Don't just take our word for it

“The HelloDPO team have led us patiently through the intricacies of GDPR over the years, helping us to navigate a careful path to ensure understanding of the rules and therefore compliance with them. HelloDPO are a pleasure to work with and I’d have no hesitation in recommending them to others looking for good, commercial advice in this complex area.”

Sanjay Patel
Finance Director, Cadogan Group Limited

Compre logo

Don't just take our word for it

“We have recently engaged HelloDPO and the team, led by Jenai, has been responsive, practical and generally very helpful when dealing with our data protection queries. We look forward to what’s on track to becoming a great working relationship!”

Federica Cozzani
Senior Legal Counsel, Compre Group

Outlogic logo

Don't just take our word for it

“Jenai and Emma are amazing to deal with. They strike the right balance between understanding the business needs while doing it’s fiduciary duty to ensure we are on the right track from a legal, ethical and moral perspective. Working with HelloDPO’s guidance over the past 2 years has enabled X-Mode (now known as Outlogic) to be able to navigate complex and at times uncertain waters with GDPR in a strategic and ethical manner.”

Joshua Anton
CEO, Outlogic

Vue logo

Don't just take our word for it

“A great bespoke service, delivered flexibly by absolute experts in a friendly, collaborative and accessible way. I cannot recommend more highly!”

Clare Russell
Interim Head of Legal, Vue UK and Ireland

Jigsaw logo

Don't just take our word for it

“HelloDPO have been brilliant at getting our data compliance into shape. We have come such a long way in our ways of working and they are always on hand to help when we have complicated or urgent issues – they have simply become part of the team.”

Josh Towb
Head of Business Transformation, Jigsaw

Channel 4 logo

Don't just take our word for it

“The HelloDPO team have provided Channel 4 with a wide range of data protection advice over the years. Alison is always delightful to work with, and her advice is pragmatic and set within a commercial context, which is particularly helpful. HelloDPO runs regular DP Confessionals, which provide our team with a valuable wider industry view and a sense of issues which other organisations are struggling with, and the ways in which they are approaching them.”

Rebecca Miller
Channel 4

Mug of coffee

Let’s chat

Book a free 30 min discovery call with our expert team and we’ll advise how we can help.

Contact us