KASPR is a French company that sells a Chrome browser extension. The tool allows users to extract professional contact data—phone numbers and email addresses—directly from LinkedIn profiles. The database contained 160 million contacts.
The French data protection authority CNIL found three specific violations. Firstly, KASPR collected contact data even from individuals who had actively limited their visibility on LinkedIn to only their closest network. Secondly, the company stored the data for up to five years, automatically resetting the deadline each time a person changed jobs. Thirdly, KASPR waited four years before even informing people that their data had been collected. When they finally sent an email, it was in English, regardless of the recipient's language.
In December 2024, CNIL fined KASPR €240,000 and gave them six months to comply. In March 2026, CNIL confirmed that the company had complied with the orders.
Practical point: Check which tools the sales team uses to find contacts. Does the tool pull data from LinkedIn or other platforms? Ask the vendor if they have a valid basis for processing and if they inform the individuals concerned. If they cannot answer clearly - switch tools.
Inspired by: CNIL