On June 19, 2025, the French Data Protection Authority (“CNIL”) published two recommendations for AI developers. The first recommendation covers reliance on the GDPR’s legitimate interest legal basis for developing an AI model. It provides examples of legitimate interests that can justify the use of personal data for AI development. The second recommendation discusses measures to implement when collecting personal data through “web scraping.” It provides a list of measures that, if followed, will ensure compliance with the GDPR’s accountability principle.Continue Reading CNIL Publishes Recommendations on Legitimate Interest as a Legal Basis for AI Training
recommendations
French Supervisory Authority Publishes Final Version of Cookie Guidelines, Says It Will Start Enforcing Them in April 2021
Posted in Data Privacy, European Union
On October 1, 2020, the French Supervisory Authority (“CNIL”) published the final version of its Guidelines on cookies and other tracking technologies (hereafter, “guidelines” – see announcement here, and guidelines here, in French), as well as an adjoining set of best practice recommendations (in French) with examples on how to implement the guidelines. In this blog post, we summarize the key points mentioned in the CNIL’s guidelines.
Continue Reading French Supervisory Authority Publishes Final Version of Cookie Guidelines, Says It Will Start Enforcing Them in April 2021