Contact
Back to News

Access to and reuse of personal data online: The CNIL issues its recommandations

On June 12, 2024, following a public consultation, the French Data Protection Authority (CNIL) published its recommendations on open data and the reuse of personal data published on the Internet. These guidelines are intended to help companies balance their objectives with individuals’ rights, while taking advantage of data available online.

To guide professionals in this complex field, the CNIL offers two sets of practical guides:

  • The Guides for open data publishers: these guides are designed for government agencies, businesses, and individuals who make personal data available to the public as open data;

The recommendations made within those guides, and designed for government agencies, businesses, and individuals who make personal data available to the public as open data, include guidelines for:

  • Identifying the responsibilities of the various parties involved;
  • Determining the lawfulness of the processing;
  • Informing data subjects;
  • Respecting the rights of data subjects;
  • Ensuring the relevance, proportionality, accuracy, and security of the processed data.

Finally, the CNIL provides further clarification on several points:

  • Reuse of public data: Reusers may generally rely on legitimate interest to reuse data published by government agencies as open data. Furthermore, if email addresses are not available, reusers may also provide public, non-individualized information regarding the existence of the processing, its characteristics, and the rights of the data subjects;
  • Business directories: Data subjects must be able to easily remove themselves from or object to being listed in business directories that include ratings and comments from internet users;
  • Commercial solicitation: Commercial solicitation without prior consent is permitted when data subjects can reasonably expect it. To this end, the CNIL recommends evaluating several criteria in particular: the purpose of the data reuse, the type of data collected, the possibility for individuals to object to this use by the source site, as well as any restrictions in the privacy policy or terms of use.

In addition, the CNIL plans to expand the “case study” guides to cover new topics. It will also continue to explore scenarios for sharing data with authorized third parties, in accordance with French and European law, such as the Code of Relations between the Public and the Administration, Regulation No. 2022/868 of May 30, 2022, on data governance (“Data Governance Regulation ” or “Data Governance Act”), and Regulation No. 2023/2854 on harmonized rules regarding fair access to and use of data (“Data Regulation” or “Data Act”).

All our news

Digital Technology in Healthcare Delivery: The DGOS publishes a roadmap for every actor in the system

Pharmacists and chronic conditions : Further expansion of their scope of practice

Teleconsultation companies: What changes under the Order of October 18, 2024

Contact

92 boulevard Malesherbes – 75008 Paris

T +33 (0)1 84 79 00 90
F +33 (0)1 84 10 89 91

contact-bg
Personal Data collected in this form is processed by Beslay Rime in connection with your contact request. In accordance with applicable regulations, you have the right to access, rectify, and delete your Personal Data, as well as the right to request its portability. You may also request that the processing of your personal data be restricted. You can exercise your rights by sending your request by email to contact@beslay-rime.com or by post to: Beslay Rime 92 boulevard Malesherbes 75008 PARIS. More information on the protection of your personal data can be found here.
Contact