French Privacy Regulator Offers Guidance for Third-Party Database Users
Data processors who use databases freely available online or provided by a third party such as a data broker must verify that their formation or sharing isn't "manifestly unlawful," French privacy regulator CNIL warned Friday (in an unofficial translation). Whoever compiles, uploads or shares the database must comply with laws banning theft or distribution of stolen data and must check that the information isn't the result of a data leak, it said.
Sign up for a free preview to unlock the rest of this article
Re-users may not deploy a database or put it online if it infringes the General Data Protection Regulation or other rules, such as intellectual property rights, CNIL added. Those who download or reuse a clearly illegal database could be guilty of concealment, it said.
To verify the legality of databases, the CNIL recommended that reusers check that: (1) The description of the database indicates its source. (2) The creation of the database isn't clearly the result of a crime or misdemeanor. (3) The origin of the data is sufficiently documented to show there's no doubt that it's lawful. (4) The database doesn't contain sensitive or infringing material.
There should be a contract between the original data holder and the reuser to ensure that reuse is legal, the CNIL noted.