French FSBO Portal PAP.fr Hit with Data Protection Fine

The French FSBO specialist real estate marketplace operator PAP.fr has been ordered to pay €100k for alleged data protection breaches.

The fines are a result of an audit carried out in 2022 by CNIL (la Commission Nationale de l’Information et des Libertés — the National Commission on Informatics and Liberty).

The company, which has seen its fair share of controversy over the years, initially intended to retain personal information such as names, phone numbers, and email addresses for ten years. However, the CNIL deemed this duration excessive and unjustified. Furthermore, data concerning users of paid services, which was supposed to be stored for five years, was kept for longer periods.

Additionally, the portal's privacy policy was found to be lacking in completeness and clarity. The regulatory body observed that all data associated with inactive user accounts was retained without proper organization and password regulations for user accounts on the site were deemed inadequately stringent.

PAP boss Corrine Jolly told local newspaper La Tribune that the company had not yet decided whether to appeal the decision or not and questioned the nature of Europe's data protection laws.

“We have always had reservations about the bureaucratic aspect of the GDPR, but the CNIL is there to apply it. Given our good faith and cooperation, it recognized that there was no mercantile intention.”

The news comes as it was revealed that Zillow, CoStar and other real estate marketplace operators in the United States face court appearances over alleged breaches of the so-called 'Daniel's Law' related to the protection of law enforcement professionals' personal data.