Criteo: Official Grievance Redressal & Escalation Protocol

B2B Services & Corporate Solutions
,
1

Verified: 29 March 2026 08:40 am CET

Criteo
Criteo1200×675 24.3 KB

Industry: AdTech & Programmatic Advertising (B2B)
Jurisdiction: France (Global Headquarters)
Primary Regulator: CNIL (Commission Nationale de l’Informatique et des Libertés)

Important Safety Warning For Consumers: STOP! Criteo is a B2B advertising technology company. They do not hold your personal retail accounts, bank details, or direct consumer subscriptions. If you have a billing issue with a product you saw in an online ad, you must complain to the specific retailer that sold you the product. Criteo only handles disputes regarding digital tracking, cookies, and GDPR data profiling.

Level 1: Customer Support (Data Protection Officer)

  • How to complain: Do not look for a general customer service phone number. For all consumer disputes regarding data tracking, cookie consent, or the Right to be Forgotten, your first legal step is to contact Criteo’s dedicated Data Privacy team. You must email dpo@criteo.com or use the automated opt-out tool on their official Privacy portal.
  • Availability: The DPO email inbox is continuously monitored during standard European business hours (Monday to Friday, CET).
  • Timeline: Under the European GDPR (General Data Protection Regulation), Criteo is legally required to respond to a data subject access request (DSAR) or deletion request within 1 month of receipt.
  • Source Verification: According to the official Criteo Privacy Policy & DPO Contact.

Level 2: Formal Written Complaint & Mise en Demeure

  • Who to contact: If the DPO fails to respond within 1 month, or if you believe your data was not actually deleted from their servers, you must formally escalate the dispute by sending a registered letter with acknowledgment of receipt (Lettre Recommandée avec Accusé de Réception - LRAR) directly to the global headquarters.
  • Address: Address your formal legal notice to Criteo SA, Data Protection Officer, 32 Rue Blanche, 75009 Paris, France.
  • Timeline: Once a formal written notice regarding a GDPR violation is received, the 1-month legal deadline remains strictly in effect. Complex data extraction requests can legally be extended by an additional 2 months, provided they notify you of the delay.
  • Source Verification: Verified via the registered corporate entity details published on the Criteo Legal Notice.

Level 3: Regulatory Authority / ADR (CNIL)

  • Data Privacy Disputes: There is no commercial mediator for AdTech tracking disputes. If Criteo ignores your formal Mise en Demeure or refuses to delete your tracking profile, you must escalate the issue directly to the French data protection authority: the CNIL.
  • Portal/Contact: You can file a formal GDPR complaint online via the official CNIL Complaint Portal.
  • Systemic Fraud Reporting: Do not use the DGCCRF or SignalConso. These bodies do not handle digital data privacy violations or tracking cookies.
  • Timeline: You can file a complaint with the CNIL immediately after the 1-month deadline from your Level 1/Level 2 request has expired without a satisfactory resolution.
  • Source Verification: According to the consumer rights guidelines published by the Commission Nationale de l’Informatique et des Libertés (CNIL).

Level 4: Legal Action (Class Action & GDPR Litigation)

  • Pre-Litigation: You must have proof of your written requests to the DPO (emails and LRAR) and proof of your CNIL complaint before pursuing further legal action.
  • Court/Arbitration (The GDPR Reality): Individual consumers rarely sue massive AdTech companies in a standard small claims court (Tribunal Judiciaire) over a tracking cookie, as proving individual financial damages is highly complex.
  • Filing the Lawsuit: Instead of individual small claims, unresolved systemic privacy violations against AdTech firms in Europe are typically handled via massive class-action lawsuits or collective complaints organized by digital rights NGOs (such as NOYB - None of Your Business or La Quadrature du Net), which lobby the CNIL and the European Data Protection Board (EDPB) to issue multi-million euro fines.
  • Source Verification: Standard GDPR litigation procedures and historical AdTech enforcement actions in the European Union.

Community Action: Is Criteo refusing to honor your Right to be Forgotten request after the 1-month GDPR deadline, or are you looking for the correct legal templates to draft a Mise en Demeure to their DPO in Paris? Reply below (do not share your personal email addresses or identifying tracking logs), and our digital privacy community will point you to the right resources!