The CNIL has published its strategic plan for the period of 2025-2028. This is typical of the CNIL, who regularly inform its stakeholders of its priorities....more
1/23/2025
/ Artificial Intelligence ,
CNIL ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
EU ,
France ,
General Data Protection Regulation (GDPR) ,
Minors ,
Online Safety for Children ,
Personal Data ,
Privacy Laws
As expected in the data privacy and digital space, 2024 shaped up to be a year full of guidance, consultations, regulatory focus areas and legislative updates. Artificial Intelligence (AI) remained a hot topic with...more
1/15/2025
/ Adtech ,
Advertising ,
Artificial Intelligence ,
Cookies ,
Cybersecurity ,
Data Breach ,
Data Privacy ,
Data Protection ,
EMEA ,
EU ,
International Data Transfers ,
Privacy Laws ,
Regulatory Agenda ,
UK
On 17 December 2024, the European Data Protection Board (EDPB) adopted its opinion on certain data protection aspects related to the processing of personal data in the context of AI models (Opinion). The Opinion comes as a...more
Forming part of the EU’s broader digital and cyber security strategy, the new Network and Information Systems Directive 2022/2555 (NIS2) came into effect on 18 October 2024 (this being the deadline by which the directive is...more
12/6/2024
/ Compliance ,
Critical Infrastructure Sectors ,
Cyber Incident Reporting ,
Cybersecurity ,
Cybersecurity Framework ,
EU ,
EU Directive ,
Infrastructure ,
Member State ,
Risk Management ,
Sanctions
The Cyber Resilience Act (CRA) is a groundbreaking piece of legislation designed to enhance the cybersecurity of digital products and services made available in the EU. Published last week in the Official Journal of the...more
11/26/2024
/ Compliance ,
Cyber Security Incident Response Team (CSIRT) ,
Cybersecurity ,
Digital Goods ,
Distributors ,
ENISA ,
EU ,
Importers ,
Manufacturers ,
Member State ,
New Legislation ,
Penalties ,
Regulatory Authority
A new development in the Castelbajac case, which pits the designer with the eponymous name against the company PMJC, concerning the application for revocation of the trademarks assigned to the latter by the designer. In a...more
5/31/2024
/ Appeals ,
Assignments ,
Counterclaims ,
Court of Justice of the European Union (CJEU) ,
EU ,
France ,
Intellectual Property Protection ,
Revocation ,
Trademark Infringement ,
Trademark Litigation ,
Trademarks ,
Unfair or Deceptive Trade Practices
On 7 March 2024, the Court of Justice of the European Union issued a ruling (C-604/22 | IAB Europe) clarifying the concepts of personal data and controller in the context of the use of a Transparency and Consent Framework...more
5/31/2024
/ Advertising ,
Auction ,
Belgium ,
Competitive Bidding ,
Consent ,
Cookie Banners ,
Court of Justice of the European Union (CJEU) ,
Data Brokers ,
Data Collection ,
Data Controller ,
Data Protection Authority ,
EU ,
General Data Protection Regulation (GDPR) ,
Online Advertisements ,
Personal Data
We have been talking about it since last year: the bill to secure and regulate the digital space ("SREN") has now been passed. The legislative process leading up to the enactment of the SREN bill has been slow (as a reminder:...more
4/23/2024
/ Cloud Computing ,
Cloud Storage ,
Criminal Code ,
Data Protection ,
Data Protection Acts ,
Digital Platforms ,
EU ,
European Economic Area (EEA) ,
France ,
General Data Protection Regulation (GDPR) ,
Information Technology ,
Minors ,
New Legislation ,
Online Platforms ,
Pornography ,
Public Communications
The CNIL’s newly released recommendations for AI system developers set out the regulator’s expectations for the entire development process of an AI system, from design to database creation and integration, ensuring...more
A few weeks ago, on 24 September 2023, the Data Governance Act (Regulation (EU) 2022/868 of the European Parliament and of the Council of 30 May 2022 on European data governance) (“DGA”) came into force.
The DGA aims to...more
11/14/2023
/ Administrative Authority ,
Best Practices ,
Data Collection ,
Data Management ,
Data Protection ,
EU ,
European Commission ,
General Data Protection Regulation (GDPR) ,
Information Governance ,
Information Management ,
International Data Transfers ,
Member State ,
Public Sector ,
Third-Party Service Provider
The recent CJEU decision in X-FAB (Case C-453/21) provides guidance on how to determine whether a conflict of interest could arise for your Data Protection Officer (“DPO”) and how to avoid this. It also confirms the approach...more
Welcome to the first edition of the Litigation Gazette. Each quarter, BCLP's Paris team keep you informed of the main litigation news in competition law, commercial litigation, labor law, IP/IT/Data and compliance.
In this...more
Two and a half years after the Schrems II decision invalidated the EU-US Privacy Shield, the EU and US are inching closer to a replacement data transfer mechanism for EU to US personal data transfers. On 13 December 2022, the...more