On June 19, 2025, the French Data Protection Authority (“CNIL”) published two recommendations for AI developers. The first recommendation covers reliance on the GDPR’s legitimate interest legal basis for developing an AI model. It provides examples of legitimate interests that can justify the use of personal data for AI development. The second recommendation discusses measures to implement when collecting personal data through “web scraping.” It provides a list of measures that, if followed, will ensure compliance with the GDPR’s accountability principle.Continue Reading CNIL Publishes Recommendations on Legitimate Interest as a Legal Basis for AI Training
Legitimate Interest
Belgian Supervisory Authority Sanctions Data Broker
By Kristof Van Quathem on
Posted in Advertising & Marketing, European Union
On January 16, 2024, the Belgian Supervisory Authority sanctioned a data broker for violating several provisions of the GDPR. In particular, the data broker processed personal data without an appropriate legal basis and in violation of its transparency obligation.
The more than 100-page decision explains that until July 2021 the data broker collected personal data from different sources and sold the data to interested third parties (“data delivery services”). The company also provided “data quality services” aimed at improving the quality and relevance of the personal data held by its clients. The relevant data were mainly used for advertising by postal mail.Continue Reading Belgian Supervisory Authority Sanctions Data Broker