Comment la délibération de la CNIL tente de concilier efficacité et protection de la vie privée -
Parmi les autorités publiques, la Commission Nationale de l’Informatique et des Libertés (« CNIL ») est l’une de celles qui,...more
Le Covid-19 n’a pas empêché la Commission nationale de l’informatique et des libertés (« CNIL ») de publier le 15 avril 2020 son référentiel relatif aux traitements de données à caractère personnel mis en œuvre aux fins de...more
On April 23, Kramer Levin reported on the European Parliament’s approved proposal for the adoption of a whistleblower protection directive. On Oct. 7, the Directive on protection of persons reporting breaches of Union law...more
11/15/2019
/ Adverse Employment Action ,
Anti-Retaliation Provisions ,
Cause of Action Accrual ,
Confidential Information ,
Disclosure ,
Dodd-Frank ,
Employer Liability Issues ,
Employment Discrimination ,
Ethics ,
EU ,
EU Directive ,
Infringement ,
Internal Reporting ,
New Legislation ,
Public Disclosure ,
Sapin II ,
Third-Party ,
Whistleblower Protection Policies ,
Whistleblowers ,
White Collar Crimes
La sixième convention judiciaire d’intérêt public (« CJIP ») intervenue depuis la création de ce mode transactionnel par la loi n° 2016-1691 du 9 décembre 2016[1] (« Loi Sapin II ») a été validée le 28 juin 2019 par le...more
When Law No. 2016-1691 (Sapin II Law) created the convention judicaire d’intérêt public (CJIP), modeled after the American deferred prosecution agreement (DPA), it was feared that the existence of potentially dueling French...more
8/21/2019
/ AFA ,
Anti-Corruption ,
CJIP ,
Cooperation ,
Corporate Misconduct ,
Criminal Prosecution ,
Deferred Prosecution Agreements ,
France ,
Internal Investigations ,
Sapin II ,
Self-Reporting ,
White Collar Crimes
Lorsque la loi n° 2016-1691 du 9 décembre 2016 (« Loi Sapin II ») a créé la convention judicaire d’intérêt public (« CJIP ») sur le modèle des transactions pénales américaines (Deferred Prosecution Agreement ou « DPA »), on a...more
On June 13, 2019, a draft bill increasing fines for violations of Federal Law No. 242-FZ (Data Localization Law) was submitted to the State Duma (i.e., the lower house of the Federal Assembly). ...more
1. Binding Corporate Rules To Facilitate Intragroup Data Transfer -
Personal data is meant to circulate without boundaries inside the European Union (EU). The General Data Protection Regulation (GDPR) subjects personal...more
I. Les BCR pour faciliter les transferts intra-groupes -
Les données personnelles ont vocation à circuler sans s’arrêter aux frontières de l’Union européenne (« UE »). Aussi, le règlement général sur la protection des...more
Le 28 mai 2019, la Commission nationale de l'informatique et des libertés (« CNIL ») a prononcé une amende de 400.000 euros à l’encontre de la société Sergic, une société de gestion immobilière, pour manquement à l’obligation...more
Until recently, whistleblowing raised many concerns in France and other European countries. Reporting on colleagues’ behavior, even if unlawful, was seen as risky business that could lead to dismissals and criminal sanctions...more
Evidence gathering differs greatly between common law and civil law jurisdictions. For example, while a U.S. judge may in many instances allow extensive pretrial discovery, a French judge would generally consider nearly any...more
4/5/2019
/ Blocking Statutes ,
CLOUD Act ,
CNIL ,
Cross-Border ,
Data Protection ,
Discovery ,
Evidence ,
Extraterritoriality Rules ,
France ,
General Data Protection Regulation (GDPR) ,
Hague Convention ,
Litigation Strategies ,
Regulatory Standards
On Jan. 21, 2019, the French Data Protection Authority (CNIL) levied a 50 million euros sanction against Google LLC for violating the EU General Data Protection Regulation2 (GDPR) in the context of the first enforcement...more
2/27/2019
/ CNIL ,
Corporate Counsel ,
Data Protection ,
Enforcement Actions ,
EU Data Protection Laws ,
Fines ,
General Data Protection Regulation (GDPR) ,
Google ,
Personal Data ,
Popular ,
Prior Express Consent ,
Regulatory Violations ,
Transparency
Danske Bank is likely to again become the target of a formal investigation in France. A Paris court began investigating Danske Bank in October 2017 in relation to transactions of its Estonian branch, between 2008 and 2011,...more
2/1/2019
/ Corruption ,
Danske Bank ,
Enforcement Actions ,
Estonia ,
EU ,
Financial Transactions ,
France ,
Investigations ,
Money Laundering ,
Reasonable Suspicion ,
Regulatory Violations ,
White Collar Crimes
In the past, French law neither mandated nor provided any material incentives for companies to embrace compliance, corporate and social challenges. But things are dramatically changing in Europe, and more specifically in...more
Brief Comments on The Director of the Serious Fraud Office v. Eurasian Natural Resources Corporation Limited [2018] EWCA Civ 2006 -
On Sept. 5, 2018, the Court of Appeal of England and Wales handed down a unanimous...more
9/26/2018
/ Appeals ,
Attorney-Client Privilege ,
Bribery ,
Corruption ,
Criminal Investigations ,
Declaratory Relief ,
Document Productions ,
Electronically Stored Information ,
Internal Investigations ,
Legal Advice Privilege ,
Litigation Privilege ,
Natural Resources ,
Self-Reporting ,
Serious Fraud Office (SFO) ,
UK ,
Whistleblowers ,
White Collar Crimes
Brief Comments on The Director of the Serious Fraud Office v. Eurasian Natural Resources Corporation Limited [2018] EWCA Civ 2006....more
9/24/2018
/ Appeals ,
Bribery ,
Corruption ,
Criminal Investigations ,
Declaratory Relief ,
Internal Investigations ,
Legal Advice Privilege ,
Litigation Strategies ,
Mining ,
Natural Resources ,
Privileged Communication ,
Serious Fraud Office (SFO) ,
UK ,
Whistleblowers
On June 28, 2018, the California Consumer Privacy Act of 2018 (CCPA) was signed into law. The bill was drafted and passed quickly, just prior to a deadline for removing a similar initiative from the ballot that would have...more
On April 23 2018, the European Commission published a proposal for a Directive (the proposal or the Directive) on whistleblower protections in response to a request from the European Parliament...more
En publiant le 23 avril 2018 une proposition de directive sur les lanceurs d’alerte, la Commission européenne répond aux sollicitations du Parlement européen. ...more
On Feb. 23, 2018, a couple of months after the first French DPA (“CJIP - convention judiciaire d’intérêt public”) in history was entered into between the French prosecutor office and HSBC Private Bank Suisse in relation to...more
Dans moins de quatre mois, le 25 mai 2018, le règlement général de l'Union européenne sur la protection des données (« RGPD ») entrera en vigueur et la loi française, actuellement en discussion devant le parlement, qui tient...more
2/5/2018
/ Data Processors ,
Data Protection ,
EU ,
EU Data Protection Laws ,
France ,
General Data Protection Regulation (GDPR) ,
Information Technology ,
International Data Transfers ,
Personal Data ,
Personally Identifiable Information ,
Risk Management
In less than four months, on May 25, 2018, the European Union’s General Data Protection Regulation (GDPR) will enter into full effect, bringing with it an array of new individual rights and regulatory requirements....more
On Nov. 14, 2017, six months after the so-called Sapin II law1 entered into force in France, the president of the Paris Tribunal de grande instance approved the first French deferred prosecution agreement (DPA or CJIP...more
One of the aspects of digitalization is that it blurs the lines between personal and professional lives of employees. Such acknowledgement is reflected in EU and French laws, notably with regard to teleworking and the right...more
11/29/2017
/ Data Protection ,
Employee Privacy Rights ,
Employee Rights ,
Employment Policies ,
EU ,
France ,
Off-Duty Employee Access ,
Off-Duty Employees ,
Popular ,
Right to Disconnect ,
Right to Privacy ,
Telecommunications ,
Wage and Hour ,
Workplace Privacy