Association Mousse – CJEU Judgment (France, 2025)
CJEU judgment — not a DPA enforcement action
This is a Court of Justice ruling, not an enforcement action by a data protection authority. It is not included in cookie statistics or the Risk Calculator.
The Court of Justice ruled on a complaint from Association Mousse about SNCF Connect requiring customers to provide their title when buying train tickets. This matters because it raises questions about how companies collect personal information and whether they should offer more options for gender identity. The decision could influence how businesses handle personal data in the future.
What happened
The Court ruled on a complaint about SNCF Connect's requirement for customers to enter their title when purchasing travel documents.
Who was affected
Customers purchasing travel documents from SNCF Connect who were required to specify their title.
What the authority found
The Court held that the data collection practices of SNCF Connect were lawful under GDPR, as they were necessary for fulfilling the contract.
Why this matters
This ruling highlights the importance of data minimization and could encourage companies to rethink how they collect personal information. Businesses should consider offering more inclusive options for users.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
Association Mousse lodged a complaint with the French DPA (CNIL) after a data subject purchased rail travel documents from SNCF Connect (the controller). The controller required customers to enter their title (Madame / Monsieur) when they purchased travel documents. The complaint argued that the controller should not collect this data or that, at the very least, it should offer customers additional options such as ‘neutral’ or ‘other.’ The controller argued that knowing the sex of the data subject permitted it to personalise communications in accordance with commonly accepted practices in commercial communications. It also stated that the processing permitted it to adapt the services it provided (such as providing access to women-only carriages on night trains). On 23 March 2021, the CNIL found that the controller’s processing did not violate the GDPR. It found the processing lawful under Article 6(1)(b) GDPR, viewing it as necessary for the performance of the contract to supply transport services, and considered the processing consistent with the principle of data minimisation. Association Mousse brought an action for annulment of the CNIL’s decision before the Conseil d’État. In addition to reiterating its legal basis and data minimisation challenges, it pointed out that the processing infringed the right to travel without disclosing one’s title, the right to respect for private life and freedom to freely define one’s gender expression. It also noted that in countries who recognize nonbinary civil statuses, the indication does not correspond to reality and may prove contrary to the principle of accuracy. The Conseil d’État stayed the proceedings and referred two questions to the CJEU. # In assessing whether data collection is consistent with Article 5(1(c) GDPR and Articles 6(1)(b) and (f) GDPR, may account be taken of commonly accepted practices in civil, commercial and administrative communications (here, the collection of data relating to consumers’ titles)? #
Outcome
CJEU Judgment
A judgment by the Court of Justice of the European Union, typically on a preliminary reference from a national court.
Related Cases (1)
Other cases involving Association Mousse in FR
Details
Judgment Date
9 January 2025
Authority
Court of Justice of the European Union
GDPRhub ID
gdprhub-cjeu-8105About this data
Cite as: Cookie Fines. Association Mousse - France (2025). Retrieved from cookiefines.eu
Last updated: