On April 30, 2020, the French data protection authority, the CNIL, published a guidance surrounding considerations behind what it calls “commercial prospecting,” meaning scraping publicly available website data to obtain individuals’ contact info for purposes of selling such data to third parties for direct marketing purposes. The guidance is significant in two respects. First, it speaks to the CNIL’s view of this activity in the context of the GDPR and privacy concerns. Second, beyond the context of direct marketing related privacy issues, the guidance lays out some guiding principles for companies that conduct screen scraping activities or hire outside vendors to collect and package such data.
Stéphanie Martinier
Stéphanie Martinier is a partner in the Corporate Department, working in the Paris office.
Stéphanie advises French and international clients on the legal aspects of their investments in France. She has worked on a wide range of corporate transactions, including business acquisitions and sales (both for industrial clients and private equity funds), and joint ventures, and has been involved in the negotiation of sensitive commercial contracts. In addition, she has built long-term relationships with her clients advising them in this context on compliance with the General Data Protection Regulation (GDPR) and other French data privacy regulations.
Stéphanie has also developed expertise in the restructuring of corporate groups, in the negotiation of management packages and in dealing with the corporate aspects of the departure of top executives.
In addition, she manages the pro bono work of the Paris office and, as part of this commitment, provides training on the legal aspects of the creation of a business to young entrepreneurs through the program run by the not-for-profit Yes Akademia.
Stéphanie attended law school in both France and the United States, receiving a master of law from University Lyon III and a LL.M from University of Minnesota. She is licensed to practice law in France and New York, and has been with Proskauer since she graduated.
How Can Data Privacy Regulations Limit the Ability to Present Evidence in a Litigation?
The French Supreme Court sanctions a company for having produced complete employee pay slips in a litigation.
It is not news that the rules of evidence and data privacy laws may be conflicting. A recent decision of the French Supreme Court[1] illustrates this tension and highlights the need for litigators to take into account data privacy principles before producing evidence containing personal information.
Is Blockchain Technology Compatible with GDPR? French Data Protection Regulator Provides Guidance
Uncertainty regarding the compatibility of blockchain technology and the European Union’s General Data Protection Regulation (GDPR) has often been highlighted as a potential obstacle to the development and widespread implementation of blockchain systems involving personal data.
To address tensions between blockchain technology and the GDPR, Commission Nationale de l’Informatique et…
General Data Protection Regulation and Charitable Organizations FAQs
In the context of enforcement of the European General Data Protection Regulation (“GDPR)[1] on May 25, 2018, charitable organizations have showed an increased concern as to whether the GDPR applies to them, and what being subject to the GDPR means.