While mobile apps have become one of the major means of access to digital services, their ubiquity is accompanied by significant risks to users' privacy, due to the massive amount of personal data they collect and process....more
2/18/2025
/ CNIL ,
Consent ,
Data Collection ,
Data Controller ,
Data Privacy ,
Data Processors ,
Data Protection ,
France ,
General Data Protection Regulation (GDPR) ,
Mobile Apps ,
Personal Data ,
Privacy Laws
The CNIL has published its strategic plan for the period of 2025-2028. This is typical of the CNIL, who regularly inform its stakeholders of its priorities....more
1/23/2025
/ Artificial Intelligence ,
CNIL ,
Cybersecurity ,
Data Privacy ,
Data Protection ,
EU ,
France ,
General Data Protection Regulation (GDPR) ,
Minors ,
Online Safety for Children ,
Personal Data ,
Privacy Laws
On 17 December 2024, the European Data Protection Board (EDPB) adopted its opinion on certain data protection aspects related to the processing of personal data in the context of AI models (Opinion). The Opinion comes as a...more
As the Paris 2024 Summer Olympic and Paralympic Games (the “Games”) turn onto the final straight, the Games have yet again captured widespread global attention, on and off the track. With over 15.3 million visitors in Paris...more
9/4/2024
/ Algorithms ,
Artificial Intelligence ,
Cameras ,
CNIL ,
Data Privacy ,
Data Protection ,
Data Security ,
France ,
General Data Protection Regulation (GDPR) ,
Olympics ,
Privacy Concerns ,
Public Property ,
Security and Privacy Controls ,
Security Cameras
Following the very recent adoption of the EU Regulation on AI (the AI Regulation) the CNIL (the French data regulator) has issued the second in its series of recommendations for the development of privacy-friendly AI models....more
6/28/2024
/ Advertising ,
Artificial Intelligence ,
CNIL ,
Data Collection ,
Data Controller ,
Data Protection Authority ,
Data Subjects Rights ,
Duty to Inform ,
France ,
General Data Protection Regulation (GDPR) ,
Minors ,
New Guidance ,
Personal Data ,
Regulatory Requirements
On 7 March 2024, the Court of Justice of the European Union issued a ruling (C-604/22 | IAB Europe) clarifying the concepts of personal data and controller in the context of the use of a Transparency and Consent Framework...more
5/31/2024
/ Advertising ,
Auction ,
Belgium ,
Competitive Bidding ,
Consent ,
Cookie Banners ,
Court of Justice of the European Union (CJEU) ,
Data Brokers ,
Data Collection ,
Data Controller ,
Data Protection Authority ,
EU ,
General Data Protection Regulation (GDPR) ,
Online Advertisements ,
Personal Data
We have been talking about it since last year: the bill to secure and regulate the digital space ("SREN") has now been passed. The legislative process leading up to the enactment of the SREN bill has been slow (as a reminder:...more
4/23/2024
/ Cloud Computing ,
Cloud Storage ,
Criminal Code ,
Data Protection ,
Data Protection Acts ,
Digital Platforms ,
EU ,
European Economic Area (EEA) ,
France ,
General Data Protection Regulation (GDPR) ,
Information Technology ,
Minors ,
New Legislation ,
Online Platforms ,
Pornography ,
Public Communications
The CNIL’s newly released recommendations for AI system developers set out the regulator’s expectations for the entire development process of an AI system, from design to database creation and integration, ensuring...more
Each year, the CNIL selects key areas of high interest to concentrate its investigations and assess the compliance of select commercial sectors. On February 8, The CNIL announced its four main areas of focus for...more
2/16/2024
/ Audits ,
CNIL ,
Customer-Loyalty Programs ,
Data Collection ,
Data Protection ,
Data Subject Access Requests ,
European Data Protection Board (EDPB) ,
France ,
General Data Protection Regulation (GDPR) ,
Investigations ,
Minors
Following the publication of several press articles and employee complaints, the French data protection regulator (“CNIL”) carried out an investigation at the Amazon France Logistique’s (“Amazon”) warehouses.
The CNIL's...more
1/31/2024
/ Amazon ,
CCTV ,
CNIL ,
Corporate Fines ,
Data Collection ,
Data Protection ,
Employee Monitoring ,
Employee Privacy Rights ,
Employee Rights ,
Enforcement Actions ,
France ,
General Data Protection Regulation (GDPR) ,
Health and Safety ,
Investigations ,
Surveillance ,
Temporary Employees
A few weeks ago, on 24 September 2023, the Data Governance Act (Regulation (EU) 2022/868 of the European Parliament and of the Council of 30 May 2022 on European data governance) (“DGA”) came into force.
The DGA aims to...more
11/14/2023
/ Administrative Authority ,
Best Practices ,
Data Collection ,
Data Management ,
Data Protection ,
EU ,
European Commission ,
General Data Protection Regulation (GDPR) ,
Information Governance ,
Information Management ,
International Data Transfers ,
Member State ,
Public Sector ,
Third-Party Service Provider
A few days ago, the French Data Protection Authority (CNIL) published its first draft guidelines for the use of AI systems in the form of "AI How-To Sheets" with the aim to “help professionals reconcile innovation with...more
The recent CJEU decision in X-FAB (Case C-453/21) provides guidance on how to determine whether a conflict of interest could arise for your Data Protection Officer (“DPO”) and how to avoid this. It also confirms the approach...more
Welcome to the first edition of the Litigation Gazette. Each quarter, BCLP's Paris team keep you informed of the main litigation news in competition law, commercial litigation, labor law, IP/IT/Data and compliance.
In this...more
Two and a half years after the Schrems II decision invalidated the EU-US Privacy Shield, the EU and US are inching closer to a replacement data transfer mechanism for EU to US personal data transfers. On 13 December 2022, the...more