Advocate General Spielmann opines that personal data can be pseudonymous in the hands of one party and anonymous in the hands of another....more
2/20/2025
/ Court of Justice of the European Union (CJEU) ,
Data Privacy ,
Data Protection ,
Data Security ,
Data-Sharing ,
EDPS ,
EU ,
General Data Protection Regulation (GDPR) ,
Legal Opinion ,
Personal Data ,
Privacy Acts ,
Privacy Laws ,
Transparency
The CJEU has decided that the maximum thresholds for GDPR fines should be calculated using the global turnover of the broader corporate group, not solely the infringing entity....more
2/20/2025
/ Affiliates ,
Civil Monetary Penalty ,
Corporate Fines ,
Court of Justice of the European Union (CJEU) ,
Data Privacy ,
Data Protection ,
Enforcement Actions ,
EU ,
General Data Protection Regulation (GDPR) ,
Multinationals ,
Personal Data ,
Privacy Laws
The EU AI Act came into effect on 1 August 2024, and the first obligations under the Act will become applicable from 2 February 2025. Providers and deployers of AI systems must ensure that their employees and contractors...more
The Draft Code sets out various obligations relating to transparency, copyright compliance, and management of systemic risks for providers of GPAI models....more
The draft guidelines provide further clarification to the EDPB’s interpretation of legitimate interests, and suggest a potential divergence with the UK ICO....more
11/25/2024
/ Court of Justice of the European Union (CJEU) ,
Data Controller ,
Data Processors ,
Draft Guidance ,
EU ,
European Data Protection Board (EDPB) ,
General Data Protection Regulation (GDPR) ,
Information Commissioner's Office (ICO) ,
Marketing ,
Multi-Factor Test ,
Personal Data ,
UK
Now that the EU AI Act has come into force, companies deploying high-risk artificial intelligence (AI) systems in the European Union (EU) must prepare to navigate a complex landscape of new obligations by 2 August 2027. This...more
The EU AI Office has just published a consultation on the topics that should be covered by the first general-purpose AI (GPAI) Code of Practice and a call for interest to participate in drafting the Code....more
Today marks a significant milestone in the regulation of artificial intelligence (AI) as the European Union (EU) AI Act is published in the EU Official Journal. This landmark legislation establishes the world’s first...more
Amid the continued expansion of the right to evidence, the court reversed its previous position that evidence obtained through unfair methods was inadmissible.
When asked to re-examine the relationship between the right...more
The French Data Protection Authority has imposed a €40 million fine for GDPR infringements.
On 15 June 2023 the French Data Protection Authority (the CNIL), acting as Lead Supervisory Authority pursuant to the cooperation...more
Cybersecurity incidents pose legal challenges for in-house counsel, alongside their technical implications. This overview highlights key aspects that legal departments must know when reacting to data breaches.
...more
The French Data Protection Authority imposed a €280,000 fine for GDPR infringements and a €100,000 fine for violation of French cookie rules.
On 11 May 2023 the French Data Protection Authority (the CNIL) handed down its...more
6/12/2023
/ CNIL ,
Consent ,
Cookies ,
Corporate Fines ,
Enforcement Actions ,
EU ,
France ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Member State ,
Personal Data ,
PHI ,
Risk Management ,
Statutory Violations ,
Websites
The court determined that mere infringement of the GDPR is insufficient for a damages claim, but that there is no minimum threshold for non-material damages.
In a recent judgment (Case C-300/21), the Court of Justice of...more
5/17/2023
/ Calculation of Damages ,
Court of Justice of the European Union (CJEU) ,
Damages ,
De Minimis Claims ,
EU ,
General Data Protection Regulation (GDPR) ,
Infringement ,
Member State ,
Personal Data ,
Rules of Civil Procedure ,
UK
The CJEU’s final ruling could subject companies to direct GDPR enforcement by DPAs notwithstanding national procedural rules, but may rule against strict liability under the GDPR.
On 27 April 2023 Advocate General of the...more
This 13th edition of The Technology, Media and Telecommunications Review provides updated overviews of legal and policy constructs and developments in the TMT arena across 18 jurisdictions around the world. As in years past,...more
1/12/2023
/ Digital Single Market ,
Electronic Communications ,
EU ,
France ,
Internet ,
Internet Service Providers (ISPs) ,
Media ,
Public Policy ,
Regulatory Oversight ,
Satellites ,
Technology Sector ,
Telecommunications
Companies operating in France should implement or adapt their reporting mechanisms to comply with the new requirements.
On 1 September 2022, new protections for whistleblowers in France entered into force. The protections...more
In our 11th year of writing and publishing The Energy Regulation and Markets Review, the most pressing global concerns are inflation, supply chain concerns, the Ukraine war and continuing effects from the covid-19 pandemic....more
6/24/2022
/ Climate Change ,
Commodities ,
Energy Market ,
Energy Sector ,
Environmental Policies ,
EU ,
Infrastructure ,
Nuclear Power ,
Oil & Gas ,
Paris Agreement ,
Regulatory Requirements ,
Renewable Energy ,
Russia ,
Technology ,
Transmission Planning ,
Ukraine
A new decree and a ministerial order strengthen cooperation between French ministries, reflecting the government’s desire to monitor more closely certain foreign discovery requests.
Overview -
Originally enacted in...more
This volume marks the 12th edition of The Technology, Media and Telecommunications Review, which has been fully updated to provide an overview of evolving legal and policy activity in this arena across 25 jurisdictions around...more
Litigation is, on one analysis, all about telling stories to impartial decision makers. Complex commercial litigation means that those stories are more detailed, more involved and more intricate. That means that telling the...more
The French Data Protection Authority’s white paper discusses how companies can comply with data privacy and security obligations.
The use of card, contactless, and innovative digital payment solutions has significantly...more
11/9/2021
/ Anti-Money Laundering ,
Bank Secrecy Act ,
CNIL ,
Consultation ,
Data Collection ,
Data Protection ,
Data Protection Authority ,
European Central Bank ,
European Data Protection Board (EDPB) ,
France ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Mobile Payments ,
Open Payments ,
Payment Systems ,
PCI-DSS Standard ,
Personal Data ,
Sensitive Personal Information ,
White Papers
Die Datenschutzorganisation noyb droht mit über 10.000 Beschwerden wegen möglicher rechtswidriger Verwendung von Cookies.
Am 31. Mai 2021 startete die Datenschutzorganisation noyb (die Abkürzung steht für „none of your...more
The privacy organisation noyb will file more than 10,000 complaints for use of cookies contrary to its interpretation of compliance.
On 31 May 2021, the nonprofit privacy organisation noyb (short for “none of your...more
The Technology, Media and Telecommunications Review is now in its 11th edition, and I am excited to be taking the reins of this publication after a decade under the steady hand of long-time editor John Janka. This Review...more
The French data protection authority’s decisions cite violations of the cookie rules under the ePrivacy Directive and provide important insights on explicit consent.
Between December 2019 and May 2020, the French data...more