Late last month, the French data protection authority, the CNIL, published guidance surrounding considerations behind what it calls “commercial prospecting,” meaning scraping publicly available website data to obtain individuals’ contact info for purposes of selling such data to third parties for direct marketing purposes. The guidance is noteworthy in two respects. First, it speaks to the CNIL’s view of this activity in the context of the GDPR and privacy concerns. Second, and of more general interest, the guidance lays out some guiding principles for companies that conduct screen scraping activities or hire outside vendors to collect and package such data.
You can read our summary of the CNIL guidance on our firm’s Privacy Law Blog.