France’s data protection authority (CNIL) has imposed 83 sanctions totaling €486.8 million for GDPR violations, with most fines aimed at major tech firms. Google was fined €325 million for showing unsolicited Gmail ads and placing tracking cookies without valid consent, while fast‑fashion retailer Shein received a €150 million penalty for failing to respect user choices and transparency. The CNIL also issued compliance notices and corrective orders to numerous other organizations.
