On April 30, 2020, the French Data Protection Authority published guidance on the extraction of web users’ personal data from online public spaces by web scraping tools and re-use of such data for direct marketing purposes.
Continue Reading CNIL Publishes Guidance on Web Scraping and Re-Use of Publicly Available Online Data for Direct Marketing

On March 17, 2020, the Executive Committee of the Global Privacy Assembly issued a statement giving their support to the sharing of personal data by organizations and governments for the purposes of fighting the spread of the COVID-19 pandemic.
Continue Reading The Global Privacy Assembly Approves Data Sharing to Fight Coronavirus Pandemic

On November 26, 2019, the French Data Protection Authority announced that it had levied a fine of €500,000 on Futura Internationale for various infringements of the EU General Data Protection Regulation.
Continue Reading CNIL Fines French Construction Company for Infringements When Placing Marketing Voice-to-Voice Calls

On October 22, 2019, the French Data Protection Authority (the “CNIL”) published a list of processing operations (in French) that it considers not requiring a data protection impact assessment (“DPIA”). The CNIL had previously adopted and published a final list of processing operations requiring a DPIA on November 6, 2018. The final list includes 12 types of processing operations for which a DPIA is not considered mandatory. The CNIL provided concrete examples for each type of processing operation, including:
Continue Reading CNIL Publishes List of Processing Operations Not Subject to DPIA