On April 30, 2020, the French Data Protection Authority published guidance on the extraction of web users’ personal data from online public spaces by web scraping tools and re-use of such data for direct marketing purposes.
Continue Reading CNIL Publishes Guidance on Web Scraping and Re-Use of Publicly Available Online Data for Direct Marketing

On October 22, 2019, the French Data Protection Authority (the “CNIL”) published a list of processing operations (in French) that it considers not requiring a data protection impact assessment (“DPIA”). The CNIL had previously adopted and published a final list of processing operations requiring a DPIA on November 6, 2018. The final list includes 12 types of processing operations for which a DPIA is not considered mandatory. The CNIL provided concrete examples for each type of processing operation, including:
Continue Reading CNIL Publishes List of Processing Operations Not Subject to DPIA

On September 4, 2019, the High Court of England and Wales dismissed a challenge against South Wales Police’s use of Automated Facial Recognition technology, determining that the police’s use of AFR had been necessary and proportionate to achieve their statutory obligations.
Continue Reading High Court Dismisses Challenge to Police Use of Facial Recognition Technology