On May 16, 2024, the CNIL announced a critical public consultation and three significant updates to adapt health research regulations in France. These updates, focusing on remote quality control, home monitoring, and...more
The CNIL has launched an investigation into a significant data breach affecting over 33 million individuals in France, involving third-party payment operators Viamedis and Almerys. It is the biggest breach in France involving...more
The French Data Protection Authority (the "CNIL") has just published two new reference methodologies for research, studies, or evaluations necessitating access to the data in the French Healthcare database. These new...more
The French Data Protection Authority (CNIL) is still seeking input from Artificial Intelligence (AI) stakeholders on how to ensure that AI systems comply with data protection laws. Use of large amount of data and data...more
P. Latombe, who is not only a Member of the French Parliament, but also seated at the French Data Protection Authority (CNIL)'s Commission, lodged a request for annulment of the DPF on 6 September 2023 before the Court of...more
9/12/2023
/ Annulment ,
CNIL ,
Court of Justice of the European Union (CJEU) ,
Data Privacy ,
Data Protection ,
France ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Popular ,
Schrems I & Schrems II ,
Treaty on the Functioning of the European Union (TFEU)
On 6 July 2023, the French data protection authority (the "CNIL") updated its guidelines on whistleblowing systems again. The last version dated from December 2019. This update is the result of the French transposition of...more
A few days after the European Parliament adoption of a compromise position on the Artificial Intelligence Act (the “AI Act”), the French Data Protection Authority (the “CNIL”) published, on 16 May 2023, a detailed 4-step...more
Les derniers mois ont vu une activité bouillonnante de la CNIL avec l’adoption de nombreuses délibérations. Nous avons analysé ces décisions pour comprendre les principales orientations prises par l’autorité française....more
While the French Data Protection Authority (the "CNIL") has consistently emphasized the importance of protecting health data, there will be even more focus for 2023 with more investigations and sanctions in this sector. The...more
The French Data Protection Authority (CNIL) has released a Q&A providing its position, possible alternative solutions as well as guidance on using a compliant audience measurement solution. It follows a set of formal notices...more
The healthcare sector is a current focus of the French data protection authority (CNIL) which just published two draft standards regarding processing of personal data in the context of Early Access and Compassionate Access....more
Le 15 février 2022, la CNIL a publié deux projets de référentiels. Ces référentiels étaient très attendus car l’Autorisation Unique 041 sur les traitements de données personnelles dans le cadre des Autorisations Temporaires...more
The French Data Protection Authority (CNIL) published an FAQ on March 18, 2021 to further explain its earlier guidelines and “recommendation” on cookies and other tracking technologies, which were published on September 17,...more
On October 14, 2020, the French Administrative Supreme Court (Conseil d’Etat) published its decision in a lawsuit requesting that the French health data platform (Health Data Hub) be suspended for breach of the GDPR in light...more
10/22/2020
/ CNIL ,
Court of Justice of the European Union (CJEU) ,
Data Transfers ,
Enforcement Actions ,
EU ,
France ,
French Supreme Court ,
General Data Protection Regulation (GDPR) ,
Microsoft ,
Online Platforms ,
Personal Data ,
Popular ,
Regulatory Violations ,
Schrems I & Schrems II
On October 8, 2020, France’s data protection authority (CNIL) provided the French Administrative Supreme Court (Conseil d’Etat) with a brief presenting its arguments against the hosting of some French public health data by...more
The French Data Protection Authority (CNIL) has recently released new guidelines (French only) regarding human resources processing operations. ...more
On 19 July the French Data Protection Authority (the “CNIL”) published new guidelines on cookies and trackers. These replace the existing Recommendation No. 2013-378 of 5 December 2013, are intended to be in line with...more
7/22/2019
/ CNIL ,
Cookies ,
Data Protection ,
e-Privacy Directive ,
EU ,
France ,
General Data Protection Regulation (GDPR) ,
Grace Period ,
Information Technology ,
Internet ,
New Guidance ,
Opt-In ,
Prior Express Consent ,
Regulatory Oversight ,
Regulatory Requirements ,
Web Tracking ,
Websites
The French Data Protection Authority (the CNIL) has made targeted online advertising a priority topic in its 2019-2020 agenda and has changed its position on cookie consent. Although the ePrivacy Regulation is still being...more
7/8/2019
/ CNIL ,
Consent ,
Cookies ,
Data Protection Authority ,
Direct Marketing ,
e-Privacy Directive ,
France ,
New Guidance ,
New Rules ,
Popular ,
Proposed Rules ,
Sanctions ,
UK ,
UK ICO ,
Websites
The French Data Protection Authority (the CNIL) published its assessment of the first four months of GDPR and several guidelines, including one on how to make a GDPR compliant blockchain. ...more
10/11/2018
/ Big Data ,
Biometric Information ,
Blockchain ,
CCTV ,
CNIL ,
Cybersecurity ,
Data Protection ,
Data Protection Authority ,
Data Protection Impact Assessments (DPIAs) ,
Distributed Ledger Technology (DLT) ,
EU ,
France ,
General Data Protection Regulation (GDPR) ,
International Data Transfers ,
Personal Data ,
Popular ,
Right to Erasure