Last week, the Global Privacy Enforcement Network (“GPEN”)—a global network of over 30 national data protection authorities—announced the launch of its annual privacy sweep. The purpose of the sweep is to examine how websites and mobile applications commonly used by children handle minors’ personal information. Members of GPEN include regulators who have long prioritized protections for children and teens, such as the Federal Trade Commission (“FTC”), the California Attorney General, the California Privacy Protection Agency, the UK Information Commissioner’s Office, the French Commission Nationale de l’Informatique et des Libertés (“CNIL”), and the Irish Data Protection Commission.Continue Reading Global Privacy Regulators Launch Enforcement Sweep Focused on Children’s Data Protection
French CNIL
CNIL Publishes Recommendations on Legitimate Interest as a Legal Basis for AI Training
By Kristof Van Quathem on
Posted in Artificial Intelligence (AI), European Union
On June 19, 2025, the French Data Protection Authority (“CNIL”) published two recommendations for AI developers. The first recommendation covers reliance on the GDPR’s legitimate interest legal basis for developing an AI model. It provides examples of legitimate interests that can justify the use of personal data for AI development. The second recommendation discusses measures to implement when collecting personal data through “web scraping.” It provides a list of measures that, if followed, will ensure compliance with the GDPR’s accountability principle.Continue Reading CNIL Publishes Recommendations on Legitimate Interest as a Legal Basis for AI Training