The French Data Protection Authority capped off 2022 by terminating an investigation into Lusha Systems, Inc.’s compliance with GDPR. CNIL concluded that the law did not apply to the US company’s activities. As many know, since GDPR was passed US companies have been concerned about the extent the law applies outside of the EU: it applies not only to those entities with operations in the EU, but also those outside of the region who are either offering goods or services to people in the EU or monitoring individuals in the EU. Here, CNIL concluded that Lusha was not offering goods or services to those in the EU, nor was it monitoring those in the EU.
Continue Reading CNIL Weighs in On GDPR Applicability to US Company