France: Data Protection Authority opened consultation on guidelines on deployment of web filtering

On 28 July 2025, the French Data Protection Authority (CNIL) opened a consultation on guidelines on the deployment of web filtering until 30 September 2025. The guidelines apply to public and private sector employers implementing web filtering tools for employees, contractors, or visitors using professional internet or Wi-Fi networks, excluding open public Wi-Fi providers. It outlines General Data Protection Regulation (GDPR) - compliant obligations, including limiting data collection on user ID, IP address, domain name. It also focuses on ensuring a legal basis on legitimate interest or legal obligation, conducting Data Protection Impact Assessments where required, consulting employee representatives, and informing affected individuals. It also addresses deployment risks across on-site, Software as a Service (SaaS), and hybrid models, and recommends strong security and pseudonymisation measures to safeguard logs .