American Express Carte France Fined €1.5 Million for Cookie Violations The French data protection authority, CNIL, has fined American Express Carte France, a subsidiary of American Express, €1.5 million for violating cookie regulations. The penalty was issued on November 27, 2025, following inspections in January 2023 that revealed the company placed cookies on users' devices without consent, ig...

CNIL - Commission Nationale Informatique et Libertés

American Express Carte France Fined €1.5 Million for Cookie Violations The French data protection authority, CNIL, has fined American Express Carte France, a subsidiary of American Express, €1.5 million for violating cookie regulations. The penalty was issued on November 27, 2025, following inspections in January 2023 that revealed the company placed cookies on users' devices without consent, ignored users' refusal to accept cookies, and continued reading cookies after consent was withdrawn. Despite eventually complying during the procedure, the company's actions breached Article 82 of the French Data Protection Act. The fine reflects the well-known nature of cookie regulations and their widespread dissemination by CNIL.

Source

Published on Dec. 3th, 2025 Published on Dec. 3th, 2025

To read more operational risk news, register for free on MSTAR Platform.

MSTAR News

Oct. 6th, 2025

Regional banks favour scenario analysis over op risk modelling.

We’re proud to share that Elseware/MSTAR have been featured in Risk.net's Operational Risk Benchmarking 2025. Based on feedback from a leading bank, the article highlights how MSTAR can improve confidence in scenario models. Read the full article to see why our exposure based approach is making an impact in the future of operational risk.