Following an investigation, the CNIL has imposed a fine for data protection breaches on a luxury car rental company. The fine of €5,000 was imposed for use of an unlawful GPS tracking system on rented cars. The CNIL found the fine justified because, amongst other things, the tracking system had not been registered with the CNIL, customers were unaware of its use, it was disproportionate as collecting data on a 24/7 basis rather than merely in the event of theft or failure to return the car and access to the data had not been adequately secured (the password had not been changed for two years). The CNIL does not automatically publish details of all of the fines it imposes. Public notice of a fine is used by the CNIL as an additional sanction.