France: Data Protection Authority issued compliance reminder in investigation into Qwant over misrepresentation of pseudonymised data in privacy policy

Description

Data Protection Authority issued compliance reminder in investigation into Qwant over misrepresentation of pseudonymised data in privacy policy

On 11 February 2025, the French Data Protection Authority (CNIL) issued a compliance reminder to Qwant concerning over failure to accurately anonymise data transmitted to Microsoft. This follows a 2019 investigation into Qwant over its handling of personal data transmitted to Microsoft. The CNIL found that while Qwant had pseudonymised the data, it had inaccurately presented it as anonymised in its privacy policy, breaching transparency obligations under the General Data Protection Regulation. Consequently, the CNIL issued the compliance reminder to Qwant detailing its legal responsibilities regarding data privacy. The reminder was not accompanied by a fine, reflecting Qwant's cooperative stance and the corrective measures implemented, including updating the policy to reflect the pseudonymisation of data and clarifying its legal basis for processing.

Original source

Scope

Policy Area
Data governance
Policy Instrument
Data protection regulation
Regulated Economic Activity
search service provider
Implementation Level
national
Government Branch
executive
Government Body
data protection authority

Complete timeline of this policy change

Hide details
2025-02-11
under investigation

On 11 February 2025, the French Data Protection Authority (CNIL) issued a compliance reminder to Qw…

We use cookies and other technologies to perform analytics on our website. By opting in, you consent to the use by us and our third-party partners of cookies and data gathered from your use of our platform. See our Privacy Policy to learn more about the use of data and your rights.