Legal news
- Accueil
- News
- Legal news
- SOLOCAL MARKETING SERVICES sanctioned by...
SOLOCAL MARKETING SERVICES sanctioned by the CNIL for non-compliance with the rules relating to commercial prospecting
- 26 mai 2025
- Jeanne BOSSI MALAFOSSE, Guillaume BUHAGIAR
- Personal data
- Legal news
In a decision dated May 15, 2025 [1], the CNIL imposed a fine on the company SOLOCAL MARKETING SERVICES (“Solocal company”) for failing to comply with regulations related to commercial prospecting and for breaching the obligation to demonstrate data subjects’ consent to the processing of their data.
Solocal company, which operates in the field of digital marketing, uses prospect databases, primarily acquired from data brokers (such as operators of sweepstakes or product testing websites – "Brokers"), to carry out B2C (Business-to-Consumer) marketing campaigns. These data are used to conduct SMS or email marketing campaigns, either by Solocal company on behalf of its advertiser clients, or by the advertisers themselves to whom Solocal company transmits the data.
Following an investigation by the CNIL, its restricted committee determined that Solocal company’s practices violated several key obligations stemming from the French Postal and Electronic Communications Code (PECC) as well as the General Data Protection Regulation (GDPR).
The first breach identified by the CNIL concerns the lack of valid consent from the data subjects. The prospect data initially collected by the Brokers came in particular from sweepstakes participation forms. However, these forms were found to be misleading due to their visual layout, which clearly encouraged data subjects to accept the transfer and use of their data for marketing purposes. As a result, the CNIL considered that these forms did not enable the collection of free, informed, and unambiguous consent, which is required for prospecting activities to comply with Article L.34-5 of the PECC.
The second breach noted by the CNIL involves Solocal company’s inability to demonstrate that the data subjects, whose data had been shared by one of its Broker partners, had in fact given their consent for their data to be used for marketing purposes. Under Article 7 of the GDPR, the controller is required to provide proof that consent has been obtained from the data subject for the processing of their personal data. Solocal company was unable to provide the CNIL with proof of consent for the individuals whose data had been transmitted by its partner. Furthermore, even though Solocal could not obtain this proof from its partner, it continued to use the data for nearly 17 months.
In view of the above, the CNIL imposed a fine of €900,000 on Solocal company, along with an order to cease all electronic prospecting activities unless valid consent is obtained (with a penalty of €10,000 per day of delay after a 9-month period).