C029-39 Leroy Merlin
Case projectData Transfers
Case statusPending (3 - 4 years)
This is one of noyb 101 complaints which were filed after the "Schrems II" judgement in Summer 2020. The judgement invalidated the EU-US data transfer mechanism "Privacy Shield". The cases were generated based on implemented Google Analytics or Facebook tracking code on websites by EU providers, which leads to unlawful data transfers to the United States.
noyb asked for an update
CNIL informed us that the complaint continues to be under investigation
noyb asked the CNIL for an update Du
noyb asked the CNIL for an update. Du to server errors on our end, noyb sent that message again on 15.07.2021.
noyb wrote an email to the CNIL explaining how the HAR files showed the data transfers that took place
CNIL asked us to make remarks on the case without providing us with the controllers statement
CNIL (referring to a phone call with noyb) again asked us to make remarks on the case (without us knowing the controller's submission) and reiterated their position not to share the case files with us.
CNIL wrote us saying that the controller denies any wrongdoing
CNIL wrote us, saying that the controller has alleged that they have not implemented the Facebook connect feature, contrary to our complaint. CNIL gave noyb one month to respond with comments. noyb called them afterwards re access to the files of the case.
CNIL replied that they are the the competent authority to begin investigating
CNIL replied that they are the competent authority to begin investigating. Cannot confirm that there will be no other supervisory authorities involved, however will let us know if there are. Do not want to disclose documents as they are 'administrative do
noyb sent follow up email
noyb resubmitted all six HAR files
noyb resubmitted complaint
noyb resubmitted complaint in two separate emails as the attachments were to big and the email could not be delivered. On the same day, the CNIL aknowledged receipt of the complaint + attachments.