KASPR Sanctioned for Data Scraping Violations

The landscape of data protection is ever vigilant when it comes to adhering to the stringent demands of the General Data Protection Regulation GDPR. Recently, the French Supervisory Authority, CNIL, imposed a significant administrative fine of 200,000 euros on KASPR, a company known for its data scraping activities. This penalty underscores the critical importance of compliance with data protection laws, as KASPR’s practices were found to contravene the fundamental principles of the GDPR.

Key Considerations for Data Protection Professionals:

Data Collection Practices: KASPR utilized a Chrome extension to gather professional contact details from platforms like LinkedIn, without legal justification or the explicit consent of individuals. This practice violated GDPR Article 6 which mandates that data processing must be lawful and consent-based.

Transparency and Information Obligations: KASPR’s failure to adequately inform data subjects about the nature of data collection, storage, and processing activities was a breach of Articles 12 and 14 of the GDPR. Transparency, a cornerstone of data protection, was notably absent in KASPR’s operations.

Data Retention and Access Rights: The company also failed to define appropriate data retention periods, as stipulated under Article 5-1-e, and did not honor individuals’ right of access to their data under Article 15. For data protection professionals, these oversight points highlight the necessity of establishing clear data lifecycle management protocols and respecting data subjects’ rights without exception.

Enforcement and Compliance Deadlines: Beyond the financial penalty, CNIL mandated KASPR to halt the unauthorized data collection practices and rectify their system to align with GDPR norms within six months, by June 18, 2025. Companies must ensure their data processing activities can be accurately audited and verified for compliance routinely, avoiding costly regulatory penalties and reputational risk.

For data protection professionals and privacy experts, this case reinforces the essential commitment to GDPR principles in operational practices. It serves as a loud call to review internal compliance with the EU’s data protection framework, ensuring no stone is left unturned in safeguarding personal data.

To read more on this case, visit the original source link: [Original source link](https://www.edpb.europa.eu/news/news/2025/data-scraping-french-sa-fined-kaspr-eu200-000_en).