While mobile apps have become one of the major means of access to digital services, their ubiquity is accompanied by significant risks to users' privacy, due to the massive amount of personal data they collect and process...
2/18/2025 / CNIL, Consent, Data Collection, Data Controller, Data Privacy, Data Processors, Data Protection, France, General Data Protection Regulation (GDPR), Mobile Apps, Personal Data, Privacy Laws
The CNIL has published its strategic plan for the period of 2025-2028. This is typical of the CNIL, which regularly informs its stakeholders of its priorities...
1/23/2025 / Artificial Intelligence, CNIL, Cybersecurity, Data Privacy, Data Protection, EU, France, General Data Protection Regulation (GDPR), Minors, Online Safety for Children, Personal Data, Privacy Laws
As expected in the data privacy and digital space, 2024 shaped up to be a year full of guidance, consultations, regulatory focus areas and legislative updates. Artificial Intelligence (AI) remained a hot topic with...
1/15/2025 / Adtech, Advertising, Artificial Intelligence, Cookies, Cybersecurity, Data Breach, Data Privacy, Data Protection, EMEA, EU, International Data Transfers, Privacy Laws, Regulatory Agenda, UK
On 17 December 2024, the European Data Protection Board (EDPB) adopted its opinion on certain data protection aspects related to the processing of personal data in the context of AI models (Opinion). The Opinion comes as a...
Forming part of the EU’s broader digital and cyber security strategy, the new Network and Information Systems Directive 2022/2555 (NIS2) came into effect on 18 October 2024 (this being the deadline by which the directive is...
12/6/2024 / Compliance, Critical Infrastructure Sectors, Cyber Incident Reporting, Cybersecurity, Cybersecurity Framework, EU, EU Directive, Infrastructure, Member State, Risk Management, Sanctions
The Cyber Resilience Act (CRA) is a groundbreaking piece of legislation designed to enhance the cybersecurity of digital products and services made available in the EU. Published last week in the Official Journal of the...
11/26/2024 / Compliance, Cyber Security Incident Response Team (CSIRT), Cybersecurity, Digital Goods, Distributors, ENISA, EU, Importers, Manufacturers, Member State, New Legislation, Penalties, Regulatory Authority
As the Paris 2024 Summer Olympic and Paralympic Games (the “Games”) turn onto the final straight, the Games have yet again captured widespread global attention, on and off the track. With over 15.3 million visitors in Paris...
9/4/2024 / Algorithms, Artificial Intelligence, Cameras, CNIL, Data Privacy, Data Protection, Data Security, France, General Data Protection Regulation (GDPR), Olympics, Privacy Concerns, Public Property, Security and Privacy Controls, Security Cameras
Following the very recent adoption of the EU Regulation on AI (the AI Regulation), the CNIL (the French data regulator) has issued the second in its series of recommendations for the development of privacy-friendly AI models...
6/28/2024 / Advertising, Artificial Intelligence, CNIL, Data Collection, Data Controller, Data Protection Authority, Data Subjects Rights, Duty to Inform, France, General Data Protection Regulation (GDPR), Minors, New Guidance, Personal Data, Regulatory Requirements
A new development in the Castelbajac case, which pits the designer with the eponymous name against the company PMJC, concerning the application for revocation of the trademarks assigned to the latter by the designer. In a...
5/31/2024 / Appeals, Assignments, Counterclaims, Court of Justice of the European Union (CJEU), EU, France, Intellectual Property Protection, Revocation, Trademark Infringement, Trademark Litigation, Trademarks, Unfair or Deceptive Trade Practices
On 7 March 2024, the Court of Justice of the European Union issued a ruling (C-604/22 | IAB Europe) clarifying the concepts of personal data and controller in the context of the use of a Transparency and Consent Framework...
5/31/2024 / Advertising, Auction, Belgium, Competitive Bidding, Consent, Cookie Banners, Court of Justice of the European Union (CJEU), Data Brokers, Data Collection, Data Controller, Data Protection Authority, EU, General Data Protection Regulation (GDPR), Online Advertisements, Personal Data
In a ruling dated 2 April 2024 (Tribunal Judiciaire de Paris, 2 April 2024, RG no. 24/51659), the President of the Tribunal Judiciaire de Paris confirmed that he could no longer be seised in référé (summary proceedings)...
In a ruling dated 27 March 2024 (Cour de cassation, 27 March 2024, no. 22-21.586), the Cour de cassation reviewed the obligation of website hosts to monitor the content they host...
We have been talking about it since last year: the bill to secure and regulate the digital space ("SREN") has now been passed. The legislative process leading up to the enactment of the SREN bill has been slow (as a reminder:...
4/23/2024 / Cloud Computing, Cloud Storage, Criminal Code, Data Protection, Data Protection Acts, Digital Platforms, EU, European Economic Area (EEA), France, General Data Protection Regulation (GDPR), Information Technology, Minors, New Legislation, Online Platforms, Pornography, Public Communications
The CNIL’s newly released recommendations for AI system developers set out the regulator’s expectations for the entire development process of an AI system, from design to database creation and integration, ensuring...
Each year, the CNIL selects key areas of high interest to concentrate its investigations and assess the compliance of select commercial sectors. On February 8, the CNIL announced its four main areas of focus for...
2/16/2024 / Audits, CNIL, Customer-Loyalty Programs, Data Collection, Data Protection, Data Subject Access Requests, European Data Protection Board (EDPB), France, General Data Protection Regulation (GDPR), Investigations, Minors
Following the publication of several press articles and employee complaints, the French data protection regulator (“CNIL”) carried out an investigation at the warehouses of Amazon France Logistique (“Amazon”).
The CNIL's...
1/31/2024 / Amazon, CCTV, CNIL, Corporate Fines, Data Collection, Data Protection, Employee Monitoring, Employee Privacy Rights, Employee Rights, Enforcement Actions, France, General Data Protection Regulation (GDPR), Health and Safety, Investigations, Surveillance, Temporary Employees
A few weeks ago, on 24 September 2023, the Data Governance Act (Regulation (EU) 2022/868 of the European Parliament and of the Council of 30 May 2022 on European data governance) (“DGA”) came into force.
The DGA aims to...
11/14/2023 / Administrative Authority, Best Practices, Data Collection, Data Management, Data Protection, EU, European Commission, General Data Protection Regulation (GDPR), Information Governance, Information Management, International Data Transfers, Member State, Public Sector, Third-Party Service Provider
A few days ago, the French Data Protection Authority (CNIL) published its first draft guidelines for the use of AI systems in the form of "AI How-To Sheets" with the aim to “help professionals reconcile innovation with...
The recent CJEU decision in X-FAB (Case C-453/21) provides guidance on how to determine whether a conflict of interest could arise for your Data Protection Officer (“DPO”) and how to avoid this. It also confirms the approach...
Welcome to the first edition of the Litigation Gazette. Each quarter, BCLP's Paris team keep you informed of the main litigation news in competition law, commercial litigation, labor law, IP/IT/Data and compliance.
In this...
On 3 February 2022, the French Commission Nationale de l'Informatique et des Libertés (the "CNIL") published a set of commercial management guidelines for all organizations that conduct data processing for the management of...
Two and a half years after the Schrems II decision invalidated the EU-US Privacy Shield, the EU and US are inching closer to a replacement data transfer mechanism for EU to US personal data transfers. On 13 December 2022, the...
Websites that distribute content not intended for minors usually request that visitors confirm they are over 18 through a simple click. The efficiency of this approach is clearly limited, and 44% of 11-18 year olds in France...