The Privacy Insider Podcast Ep. 7: David, Goliath, and Data Privacy Part II: Max Schrems
When AI Meets PI: Assessing and Governing AI from a Privacy Perspective
Navigating Emerging Privacy Issues in Financial Services — The Consumer Finance Podcast
The Privacy Insider Podcast Episode 4: Don't Be Evil: In the Hot Seat of Data Privacy, Part 1
The American Privacy Right Act (APRA) explained
Navigating the Regulation Jungle: How to Be Compliant, Work Efficiently, and Stay Sane
Legal Alert | Wiretap Laws in the United States
Business Better Podcast Episode: Cyber Adviser – A Comparison of AI Regulatory Frameworks
Preventative Medicine: Health Care AI Privacy and Cybersecurity – Part 1 — The Good Bot Podcast
Cost of Noncompliance: More Than Just Fines
Will the U.S. Have a GDPR? With Rachael Ormiston of Osano
The Team Continues to Grow: A Conversation With Our Newest Colleague, Kaitlin Clemens — Unauthorized Access Podcast
[Webinar] Midyear Data Privacy Check-in: Trends & Key Updates
Decoding Privacy Laws: Insights for Small to Mid-Sized Businesses — Regulatory Oversight Podcast
No Password Required: Education Lead at Semgrep and Former Czar for Canada’s Election Security
Navigating State Privacy Laws
[Webinar] You Are Here: First Steps in Data Mapping
AGG Talks: Women in Tech Law - Episode 1: Charting the Course: Women Trailblazing in Cybersecurity and Crisis Governance
[Webinar] AI and Data Privacy: Minimizing Risk and Maximizing Opportunity
Work This Way: A Labor & Employment Law Podcast | Episode 14: How Employers Can Navigate Cybersecurity Issues with Brandon Robinson, Maynard Nexsen Attorney
As the Paris 2024 Summer Olympic and Paralympic Games (the “Games”) turn onto the final straight, the Games have yet again captured widespread global attention, on and off the track. With over 15.3 million visitors in Paris...more
On May 21, 2024, France adopted law No. 2024-449 to secure and regulate the digital space. This law grants new enforcement powers and authority to the French Data Protection Authority (CNIL), including to seize documents,...more
On July 9, 2024, the CNIL launched a public consultation on a draft recommendation (“Draft Recommendation”) on measuring diversity in the workplace. While measuring diversity is an important indicator in the fight against...more
For more information about France’s SREN law, see our update that provides five key takeaways for businesses. Two new laws impose an array of obligations and restrictions on cloud providers in France. First, the European...more
On May 16, 2024, the CNIL announced a critical public consultation and three significant updates to adapt health research regulations in France. These updates, focusing on remote quality control, home monitoring, and...more
On April 8, 2024, the French Data Protection Authority (CNIL) published recommendations on the development phase of artificial intelligence (AI) systems1 (Recommendations). They are the first set of recommendations designed...more
The CNIL has launched an investigation into a significant data breach affecting over 33 million individuals in France, involving third-party payment operators Viamedis and Almerys. It is the biggest breach in France involving...more
The French Data Protection Authority announced a €600,000 fine against Groupe Canal+ over concerns with the media company’s direct marketing activities. According to the CNIL, the company sent users email marketing without...more
The French Data Protection Authority (the "CNIL") has just published two new reference methodologies for research, studies, or evaluations necessitating access to the data in the French Healthcare database. These new...more
The French Data Protection Authority (CNIL) is still seeking input from Artificial Intelligence (AI) stakeholders on how to ensure that AI systems comply with data protection laws. Use of large amount of data and data...more
The French supervisory authority (CNIL) asked for public comments on its draft recommendation on data security in relation to processing that presents particularly high risks to individuals or to the public interest (the...more
Welcome to the third edition of our AI Legal News Summer Roundup! After five class actions were filed between June 28 and July 11 (as reported on in our first edition of this series), on July 21, another class action lawsuit...more
On 6 July 2023, the French data protection authority (the "CNIL") updated its guidelines on whistleblowing systems again. The last version dated from December 2019. This update is the result of the French transposition of...more
Les derniers mois ont vu une activité bouillonnante de la CNIL avec l’adoption de nombreuses délibérations. Nous avons analysé ces décisions pour comprendre les principales orientations prises par l’autorité française....more
From 24 April, 2023, victims of cyber-attacks (as defined by the Criminal Code in italic text below) will have 72 hours to file a complaint with “competent authorities” if they want to obtain reimbursement under their...more
On December 22, 2022, France’s National Commission for Technology and Freedoms (“CNIL”) fined Microsoft’s Irish subsidiary 60 million euro for failure to comply with Article 82 of the French Data Protection Law (known as the...more
Version Française: La loi relative aux dispositifs de contrôle parental sur les appareils connectés est désormais applicable. This Law n°2022-300 of March 2, 2022 provides for new obligations in order to strengthen parental...more
France’s data protection authority, the Commission Nationale de Informatique et des Libertés (“CNIL”), has issued one of its highest General Data Protection Regulation (“GDPR”) sanctions to-date against Dedalus Biologie SAS...more
What You Need to Know The draft law would impose transparency obligations relating to cybersecurity. It is still being discussed and adjusted, but it could potentially come into effect in 2023. “Large-scale” online platforms...more
French CNIL issues guidance for organisations on transfer impact assessments, German DSK releases statement on supplementary measures and SCCs, and Hessian DPA comments on data transfer obligations (23 June 2021)....more
Le Covid-19 n’a pas empêché la Commission nationale de l’informatique et des libertés (« CNIL ») de publier le 15 avril 2020 son référentiel relatif aux traitements de données à caractère personnel mis en œuvre aux fins de...more
The French Data Protection Authority (CNIL) has recently released new guidelines (French only) regarding human resources processing operations. ...more
Following the outbreak of COVID-19, organizations have been implementing exceptional measures to maintain "business-as-usual" to the extent allowed by their particular circumstances and to protect their employees, customers...more
In a statement of its priorities over the next year, French data privacy regulator CNIL emphasizes the importance of a balanced approach to data protection regulation....more
I. Les BCR pour faciliter les transferts intra-groupes - Les données personnelles ont vocation à circuler sans s’arrêter aux frontières de l’Union européenne (« UE »). Aussi, le règlement général sur la protection des...more