Data-Scraping: A Clear Limitation by the French Data Protection Authority on Direct Marketing Practices Using Data from Third Party Services

A newspaper JDSupra informed about recent activities of French authorities regarding the GDPR:

“The French Supervisory Authority (CNIL) wrapped up 2020 with a EUR 20,000 fine against NESTOR, a French food preparation and delivery company catering to office employees (see full decision here in French). The CNIL highlighted various breaches of the General Data Protection Regulation (GDPR) 2 and the ePrivacy Directive regarding the processing of prospects and clients’ personal data by the CNIL, most notably:

• The lack of prior consent of the prospects to receiving direct marketing communication by electronic means, thereby violating Article L.34-5 of the French Post and Electronic Communications Code (CPCE);3
• The failure to properly inform individuals4 whether:

• Upon the creation of their account on the company’s platform, or
• Upon indirect collection through external sources;

• The failure to properly address Data Subjects’ Access Requests (DSAR).5″

To see the complete article follow this link