CNIL finds French contact tracing app in violation of GDPR

The French data protection authority, CNIL, has examined the French contact tracing app and ruled that it is not fully compliant with the provisions of GDPR and the French data protection law. CNIL’s primary complaint was that the app transferred the news that a user had been infected to all their contacts, not just those who had been in recent proximity, and the privacy policy was insufficiently specific about the categories of data that were being processed and its recipients. Finally, the data protection impact assessment failed to include the initial Google Captcha verification, which was not disclosed to the user.

Writer: GDPRhub
Publication: GDPRhub