France: Data Protection Authority closes consultation on guidelines on deployment of web filtering

On 30 September 2025, the French Data Protection Authority (CNIL) closes the consultation on guidelines on the deployment of web filtering. The guidelines apply to public and private sector employers implementing web filtering tools for employees, contractors, or visitors using professional internet or Wi-Fi networks, excluding open public Wi-Fi providers. It outlines General Data Protection Regulation (GDPR) - compliant obligations, including limiting data collection on user ID, IP address, domain name. It also focuses on ensuring a legal basis on legitimate interest or legal obligation, conducting Data Protection Impact Assessments where required, consulting employee representatives, and informing affected individuals. It also addresses deployment risks across on-site, Software as a Service (SaaS), and hybrid models, and recommends strong security and pseudonymisation measures to safeguard logs .