France: Two French data companies- Fidzup and Teemo- were recently issued a warning by the French regulator CNIL for not complying with General Data Protection Regulation (GDPR)
Both of the companies are location intelligence vendors working in the domain of online-to-offline advertising and measurement. Both companies have SDKs that help them collect persistent location data from partner apps.
App publishers are paid for their location data (and other data) by companies such as Fidzup and Teemo.
CNIL discussed each company individually in its notices, which were made public afterward. CNIL has said that when partner apps were downloaded, consumer consent was obtained for use of location by the app but not for transfer of that data to third parties Fidzup and Teemo, whose SDKs were integrated into the apps.
CNIL affirmed that consent to use of location by an app is not tantamount to consent for data collection for advertising and marketing purposes by third parties.
Both of the said companies are mandated to come into compliance with GDPR within 90 days. If the companies implement GDPR and make amends, CNIL said there would be no penalty. However, failure to comply with GDPR norms will lead to sanctions.