CNIL sets parameters for processors’ reuse of data for product improvement
On January 12, 2022, the French data protection authority, Commission nationale de l’informatique et des libertés (CNIL), issued guidance on the reuse of personal data by processors for their own purposes under the EU General Data Protection Regulation.
The guidance addresses one of the most common — and hotly contested — aspects of privacy negotiations between commercial parties: Namely, when can a processor use personal data it obtains from a controller for purposes broader than just strictly providing services to the controller? For example, may a processor use the data to improve its products or services or train its artificial intelligence and machine learning algorithms?
While the CNIL answers the question in the affirmative, it sets forth highly restrictive conditions, which some controllers and processors may find exceed their current practices.
Full article: CNIL sets parameters for processors’ reuse of data for product improvement