French CNIL Finds GDPR Not Applicable to a US Company Providing a Browser Extension
On December 20th, 2022, the French Data Protection Authority (CNIL) closed down an investigation against a US company providing a browser extension, after finding that its activities were not subject to the GDPR.
The Company provides a browser extension allowing users to obtain the professional contact details (telephone number and email address) of people whose profile they visit on LinkedIn or Salesforce’s customer platform. After receiving complaints between 2018 and 2021, the CNIL launched an investigation into the extension. While it confirmed that the company was the controller of all the processing activities related to the use of the extension, the CNIL concluded that such processing activities fell outside the scope of the GDPR, and therefore halted its proceedings against the company.
Source: French CNIL Finds GDPR Not Applicable to a US Company Providing a Browser Extension | Inside Privacy