The French data protection authority, CNIL, has imposed a coercive fine of 10 million euros on Yahoo! for numerous breaches of the European General Data Protection Regulation (GDPR). These violations were discovered after a thorough investigation that exposed Yahoo!'s failure to implement sufficient security measures to safeguard user data. The breaches led to unauthorized access to user data, including email content, by hackers.

Insufficient Security Measures

Yahoo! was criticized by the CNIL for its lack of appropriate technical and organizational measures to ensure the security of personal data, as required by the GDPR. Yahoo! was found to have gaps in its security protocols, rendering user data susceptible to cyber-attacks. Users of Yahoo!'s email client were also denied the freedom to withdraw their consent to cookies freely, compounding the issue.

Consequences of Non-Compliance

The significant fine serves as a stark reminder for companies of the importance of adhering to the strict data protection standards set forth by GDPR. The regulation demands rigorous data security practices and swift reporting of data breaches. Non-compliance can lead to hefty fines and severe reputational damage. Yahoo! is now reviewing the decision to determine suitable next steps.

Right to Appeal

Yahoo! retains the right to appeal the decision of the CNIL. However, the event underscores the importance of companies maintaining transparent and secure data practices to maintain user trust and avoid legal repercussions.