Digital Policy Alert logo

France: Closed Investigation by CNIL into Lusha Systems over GDPR Applicability

Policy overview

Description

Closed Investigation by CNIL into Lusha Systems over GDPR Applicability

On 20 December 2022, the Data Protection Agency (CNIL) closed its investigation into Lusha Systems, Inc. (Lusha). The CNIL opened the investigation to assess whether Lusha's data processing complies with the General Data Protection Regulation (GDPR) and the Data Protection Act following several complaints. The CNIL found that Lusha does not have any establishment in the European Union (EU) and Lusha's web extension does not offer any goods or services to the data subjects. The CNIL also found that Lusha does not monitor the relevant data subjects. Therefore, the CNIL found no basis upon which to issue a sanction as the company is not subject to GDPR.

Original source

Scope

Policy Area
Data governance
Policy Instrument
Data protection regulation
Regulated Economic Activity
cross-cutting
Implementation Level
national
Government Branch
executive
Government Body
data protection authority

Complete timeline of this policy change

Hide details
2018-01-24
under deliberation

On 24 January 2018, the Data Protection Agency (CNIL) opened an investigation into Lusha Systems, I…

2022-12-23
concluded

On 20 December 2022, the Data Protection Agency (CNIL) closed its investigation into Lusha Systems,…

We use cookies and other technologies to perform analytics on our website. By opting in, you consent to the use by us and our third-party partners of cookies and data gathered from your use of our platform. See our Privacy Policy to learn more about the use of data and your rights.