Image for article type news
News

France: CNIL finds case against Lusha outside scope of GDPR

December 28, 2022
Summary

The French data protection authority, CNIL, dismissed a case against Lusha Systems Ltd. on 20 December 2022, stating it falls outside the GDPR's scope. CNIL received complaints from 2018 to 2021 about Lusha's browser extension accessing professional contact details. However, CNIL concluded that Lusha has no EU establishment, does not offer goods or services to EU data subjects, and does not monitor behavior through profiling, which are all criteria under GDPR Article 3.

The French data protection authority ('CNIL') announced, on 23 December 2022, that it had decided, on 20 December 2022, to dismiss the case against Lusha Systems Ltd., outlining that it was outside the scope of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'). Background to the case In particular, CNIL noted that a number of complaints had been received between 2018 and 2021 regarding the use of the web browser extension to access information, such as professional contact details. Findings of CNIL Upon inspection, CNIL found that no sanction should be issued against Lusha due to the following: the company has no establishment in the EU, so that the criterion of est

News

Gain access to unlimited articles with 7 day access to all features, no credit card required.

or

Other options:

Jurisdictions: