On 16 October 2023, France’s Data Protection Authority, the National Commission on Informatics and Liberty (CNIL), issued a set of guidelines for complying with the EU General Data Protection Regulation (GDPR) when...more
As we noted in our 2023 DSIR, there has been a flurry of activity within the information governance space, at home and abroad. This activity deserves further analysis, because while it seems from a distance that there are...more
WorldCoin is a cryptocurrency project which uses iris scanning technology to issue a “World ID” as a digital identifier. Privacy concerns over WorldCoin have been voiced by several data protection authorities worldwide....more
The European Data Protection Board (EDPB) adopted a draft report of the work undertaken by the Cookie Banner Taskforce (the Report). The Report describes how regulators apply cookie legislation in handling certain types of...more
Over the past few years there has been significant growth in the use of technology for monitoring workers, especially following the onset of the COVID-19 pandemic. Global demand (based on the number of internet searches...more
Here are a few takeaways from what I said this week at the InfoGov World Expo virtual auditorium. •Is it still “early days for GDPR?” Not if you ask Germany, France’s Commission Nationale de l’Informatique et des Libertés...more
This quarterly update highlights some of the international data protection issues that have caught our attention, and the attention of our clients, in the past three months....more
The legal requirements for the use of cookies have been subject to discussion over the last few years, with little to no enforcement and guidance from European data protection authorities (DPAs). That has changed recently....more
On October 1, the European Court of Justice (the “ECJ”) confirmed recent guidance from the UK and CNIL regulators in finding that the use of pre-checked boxes does not constitute consent for processing of personal information...more
The guidance provides general requirements for obtaining valid consent and details conditions under which audience management cookies may be exempt. On 4 July 2019, one day after the UK Information Commissioner’s Office...more
On July 18, 2019, the French Data Protection Authority (CNIL) issued new guidance on the use of cookies and similar tracking technologies (collectively referred to as “cookies” below). The guidance clarifies the instances in...more
Analytics cookies in the crossfire. Different approaches set forth in the CNIL Guidance and in the ICO cookie guidance. CNIL – Set list of terms to qualify for an exemption from the need to obtain consent....more
Data protection authorities in the UK and France have released updated guidance for website operators that use cookies on their websites. This new guidance may mandate changes to existing cookie banners and provides further...more
The French Data Protection Authority (the CNIL) has made targeted online advertising a priority topic in its 2019-2020 agenda and has changed its position on cookie consent. Although the ePrivacy Regulation is still being...more
The closure of four cases involving targeted advertising provides lessons for navigating compliance standards under the GDPR. The recent closure of cases brought by the French Data Protection Authority (CNIL) against four...more
Companies should identify data flows, implement a data transfer solution, and update internal documents and privacy notices. Since our blog on “What a “No Deal” Brexit Means for UK Data Privacy”, the European Data...more
UNITED STATES - Regulatory—Policy, Best Practices, and Standards - United States and China Renew Promise Not to Hack - On October 4, U.S. and Chinese officials agreed to not engage in targeted hacking. Per a...more
New York Attorney General Announces Record Number of Data Breach Notices in 2016 - On March 21, 2017, the New York Attorney General's Office announced that it received 1,300 reported data breaches in 2016—a 60 percent...more
In less than one year, from 25 May 2018, the General Data Protection Regulation (GDPR or Regulation) will become enforceable. The GDPR introduces a rigorous, far-reaching privacy framework for businesses that operate, target...more
The General Data Protection Regulation (GDPR) will come into force on 25 May 2018, replacing UK’s Data Protection Act 1998 (DPA). It is yet unclear how Brexit will play out, yet in the meantime the United Kingdom is moving to...more
A landmark decision of the European Court of Justice (ECJ) has held that companies may no longer rely on “Safe Harbour” to justify transferring personal data from the European Union to the US, because the US Government has a...more
The UK’s Information Commissioner’s Office (ICO) has made what appears to be its first “right to be forgotten” enforcement action against Google Inc. The ICO issued the notice on 18 August 2015, ordering Google to remove nine...more
On 11 May 2015, the UK Information Commissioner’s Office (ICO), the French data protection authority (CNIL) and the Office of the Privacy Commissioner of Canada (OPCC) announced their participation in a new Global Privacy...more