French Telecom Giant Orange Fined €50 Million for Unsolicited Ads

On December 10, 2024, France’s largest telecommunications company, Orange, was handed a hefty €50 million ($53 million) fine for sending unsolicited advertisements through its email service.

This penalty, imposed by the French data privacy watchdog, CNIL, comes as a warning to other operators about the importance of adhering to privacy laws regarding customer data.

Orange, a major player in France’s internet and mobile services, used its popular email platform to send advertisements disguised as regular emails.

The CNIL’s deputy head, Louis Dutheillet de Lamothe, stated that these advertisements were integrated into users’ inboxes, making them resemble normal emails, without prior consent from the recipients.

This practice, he emphasized, violated French advertising regulations, which require companies to obtain explicit permission from users before sending promotional material.

The CNIL revealed that over 7.8 million Orange customers were affected by the unsolicited emails. The watchdog considered the ads a breach of privacy, especially since they were designed to generate revenue for Orange.

“It was a breach that generated money,” Dutheillet de Lamothe told AFP, underscoring the financial motivation behind the company’s actions.

Under French law, such practices are considered unlawful, particularly when personal data is involved, even if it wasn’t directly used to display the ads.

Orange, which was previously the state-owned operator of France’s phone network, has contested the fine.

The company has stated that the amount is “totally disproportionate” and maintains that the advertisements did not compromise security or violate personal data usage.

It insisted that sending unsolicited ads was a “common market practice” and that it had not been given any prior warning before the fine was imposed.

The CNIL’s decision to levy such a significant fine against Orange is part of a broader trend of increasing scrutiny of tech and telecom companies in Europe.

The fine is particularly notable given that it is one of the largest penalties imposed on a company in the telecom sector for such offenses, and it comes amid heightened awareness of data protection and privacy concerns across the European Union.

Dutheillet de Lamothe emphasized that the fine should serve as a strong message to other operators to follow the rules.

In its defense, Orange also pointed to changes it made to its email interface in November 2023, which it claimed made ads more visible to users.

Despite these adjustments, the CNIL found that the company’s email system still allowed for the distribution of unsolicited ads, and the watchdog noted that users who had opted out of cookies continued to receive them.

As part of the ruling, Orange has been given three months to correct its cookie-related practices or face further fines.

The company’s appeal to the top administrative court will likely be closely watched, as it could set a significant precedent for how data privacy violations are handled in the telecom industry.

The case highlights the growing concern over digital advertising and consumer rights, particularly as companies continue to explore new ways to monetize their platforms.

With data protection laws becoming stricter across Europe, companies are facing greater scrutiny over how they collect and use consumer data. The outcome of Orange’s appeal may shape the future of digital advertising practices in France and beyond.