small-logo
ProfessionalsCapabilitiesInsights & NewsCareersLocations
About UsAlumniOpportunity & InclusionPro BonoCorporate Social Responsibility
Stay Connected:
facebookinstagramlinkedintwitteryoutube
  1. Privacy & Data Security

Blog

CNIL Reacts to Major Telecommunications Data Breach

  • PDFPDF
    • Email
    • LinkedIn
    • Facebook
    • Twitter
    Share this page
  • PDFPDF
    • Email
    • LinkedIn
    • Facebook
    • Twitter
    Share this page

Blog

CNIL Reacts to Major Telecommunications Data Breach

  • PDFPDF
    • Email
    • LinkedIn
    • Facebook
    • Twitter
    Share this page

1 Min Read

Author

Sara Susnjar

Related Locations

Chicago
Paris

Related Topics

Data Breach
Europe Privacy
Communications Privacy

Related Capabilities

Privacy & Data Security
Technology, Media & Telecommunications

Related Regions

Europe

March 3, 2014

The largest French telephone and internet services company, Orange, recently announced a major data breach, where over 800,000 individuals, or approximately 3% of its customers, had their personal information stolen. Information alleged to be stolen included names, mailing addresses, and e-mail addresses. As a result, the French data protection authority (CNIL), convened a meeting of all large telecommunications operators in order to explain their obligations under both French and European Union laws and encourage the companies’ compliance under such laws. More specifically, pursuant to a 2013 online procedure launched by CNIL and European Commission Regulation No. 611/2013, telecommunications companies operating in France have 24 hours after learning of a data breach to notify the relevant authorities.

If all of the information required cannot be provided during this time period, the initial notification can be made during this 24-hour window, with a second notification being made within the next 72 hours. Failure to comply may lead to a maximum fine of €300,000 and up to five years of imprisonment. While at this point in time it is not certain what kind of consequences the data breach will have for Orange and what additional steps CNIL will take, the case demonstrates that CNIL takes such breaches seriously as well as proper notifications to relevant authorities.

Tip: CNIL has used this incident as a vehicle to remind companies that if you are an internet supplier or mobile operator operating in France, you should be aware of the newest breach notification laws and the short timing for involving CNIL.

Related Professionals

Related Professionals

Sara Susnjar

Sara Susnjar

This entry has been created for information and planning purposes. It is not intended to be, nor should it be substituted for, legal advice, which turns on specific facts.

Logo
facebookinstagramlinkedintwitteryoutube

Copyright © 2025. Winston & Strawn LLP

AlumniCorporate Transparency Act Task ForceDEI Compliance Task ForceEqual Rights AmendmentLaw GlossaryThe Oval UpdateWinston MinutePrivacy PolicyCookie PolicyFraud & Scam AlertsNoticesSubscribeAttorney Advertising