Accor fined $600K under GDPR after EDPB intervention
By Neil Hodge2022-08-26T17:28:00
French hotel chain Accor had its initial fine for cross-border data privacy violations increased sixfold after one data regulator involved in the decision-making process complained an original penalty of 100,000 euros (U.S. $99,900) was too low.
The company, which owns hotel chains Novotel, Ibis, and Mercure, now faces a fine of €600,000 (U.S. $599,000) after the European Data Protection Board (EDPB), the European Union’s overarching regulator for infringements of the General Data Protection Regulation (GDPR), was forced to intervene following a lack of agreement between France’s CNIL and the Polish data protection authority (DPA).
The ruling, published Aug. 17, marks the second time the EDPB has substantially increased a fine in a cross-border case. In December 2020, the regulator played part in raising the Irish Data Protection Commission’s original suggested GDPR fine against Twitter from between €135,000 and €275,000 to €450,000 (then-U.S. $547,000).