France actively participates in international efforts and the EU AI Act negotiations, and proposes sector-specific laws. Laws/Regulations directly regulating AI (the “AI Regulations”) Currently, there are no specific...more
The CNIL’s newly released recommendations for AI system developers set out the regulator’s expectations for the entire development process of an AI system, from design to database creation and integration, ensuring...more
The French Data Protection Authority (CNIL) recently imposed a EUR 310,000 fine, representing 1% of its turnover, on FORIOU, a telemarketing company promoting loyalty programs. The fine stemmed from FORIOU’s use of...more
The French Data Protection Authority announced a €600,000 fine against Groupe Canal+ over concerns with the media company’s direct marketing activities. According to the CNIL, the company sent users email marketing without...more
On 16 October 2023, France’s Data Protection Authority, the National Commission on Informatics and Liberty (CNIL), issued a set of guidelines for complying with the EU General Data Protection Regulation (GDPR) when...more
In an important judgment handed down on 29 June 2023 (Case C-211/22), the Court of Justice of the European Union (the "CJEU") ruled that a vertical agreement to fix minimum prices does not necessarily constitute a restriction...more
“I would like France to be one of the leaders in artificial intelligence; I would like Europe to be one of the leaders in artificial intelligence.” This statement by President Emmanuel Macron in 2018 sets out clearly the...more
As we noted in our 2023 DSIR, there has been a flurry of activity within the information governance space, at home and abroad. This activity deserves further analysis, because while it seems from a distance that there are...more
WorldCoin is a cryptocurrency project which uses iris scanning technology to issue a “World ID” as a digital identifier. Privacy concerns over WorldCoin have been voiced by several data protection authorities worldwide....more
The French Data Protection Authority imposed a €280,000 fine for GDPR infringements and a €100,000 fine for violation of French cookie rules. On 11 May 2023 the French Data Protection Authority (the CNIL) handed down its...more
On March 16, 2023, the French Data Protection Agency (the “CNIL”) imposed a fine of € 25,000 on the company CITYSCOOT in connection with a finding that CITYSCOOT failed to comply with the obligation to ensure data...more
The French Data Protection Authority capped off 2022 by terminating an investigation into Lusha Systems, Inc.’s compliance with GDPR. CNIL concluded that the law did not apply to the US company’s activities...more
The European Data Protection Board (EDPB) adopted a draft report of the work undertaken by the Cookie Banner Taskforce (the Report). The Report describes how regulators apply cookie legislation in handling certain types of...more
Welcome to the first edition of the Litigation Gazette. Each quarter, BCLP's Paris team keep you informed of the main litigation news in competition law, commercial litigation, labor law, IP/IT/Data and compliance. In this...more
You need a data retention plan. No really. And not just in the European Union. In California too. Commission Nationale de l’Informatique et des Libertés (CNIL) has fined messaging platform Discord 800,000 EUR for (non...more
Pelosi Statement Dims the Lights on ADPPA - The prospects for the nation’s first comprehensive data privacy law, the American Data Privacy and Protection Act (the “ADPPA” or the “Bill”), dimmed after House Speaker Nancy...more
The European Data Protection Board (“EDPB”) on June 15, 2022 issued a final decision in a rare exercise of its authority under Article 65 GDPR to resolve cross-border disputes between different data protection supervisory...more
CJEU: Special Category Data Just Got More Complicated - On August 1, 2022, the Court of Justice of the European Union (“CJEU”) delivered a preliminary ruling on the legal interpretation of special categories of personal...more
The year 2021 and early 2022 proved eventful for compliance and white-collar crime in France, especially for anti-bribery and compliance activity. Agencies are continuing to build on Sapin II by incrementally defining...more
At the end of February 2021, the French Data Protection Authority (CNIL) found out via the media about a massive personal data breach involving health-related data of about 500,000 French patients. After more than a year of...more
Following the 2020 Court of Justice of the European Union’s (CJEU) ruling invalidating the Privacy Shield (see our alert here), personal data transfers from the European Union to the United States required EU companies to...more
What can the California Privacy Protection Agency learn from the EU experience as it gets ready to draft regulations regarding DPIAs? Here is a recap of my remarks from the CPRA Regulations Stakeholder Session:...more
Colorado Attorney General Seeks Rulemaking Comments for the Colorado Privacy Act - With the Notice of Proposed Rulemaking set for fall 2022, Colorado’s Attorney General office is currently inviting preliminary comments for...more
Companies using Google Analytics (“Analytics”) or similar platforms may be interested in recent rulings of several European data protection authorities that found Analytics data transfers to the U.S. to be non-compliant with...more
The healthcare sector is a current focus of the French data protection authority (CNIL) which just published two draft standards regarding processing of personal data in the context of Early Access and Compassionate Access....more