On April 24 2025, the French supervisory authority (CNIL) issued a draft recommendation to address challenges in collecting user consent for cookies and trackers across multiple devices (the Draft Recommendation). The new...more
Following a wave of “session replay” wiretapping lawsuits in the United States, France’s Commission Nationale de l’Informatique et des Libertés (CNIL) has launched a consultation on tools for recording and replaying browsing...more
In 2024, the CNIL stepped up its enforcement action, issuing 87 sanctions, 180 compliance orders and 64 reprimands. However, only 12 decisions were made public, thus complicating the exercise of making the regulator’s...more
While mobile apps have become one of the major means of access to digital services, their ubiquity is accompanied by significant risks to users' privacy, due to the massive amount of personal data they collect and process....more
Each year, the CNIL selects key areas of high interest to concentrate its investigations and assess the compliance of select commercial sectors. On February 8, The CNIL announced its four main areas of focus for...more
Following the publication of several press articles and employee complaints, the French data protection regulator (“CNIL”) carried out an investigation at the Amazon France Logistique’s (“Amazon”) warehouses. The CNIL's...more
French authorities have fined an air freight company for a string of employee data violations, and for its failure to fully cooperate with their investigation....more
The French Data Protection Authority’s white paper discusses how companies can comply with data privacy and security obligations. The use of card, contactless, and innovative digital payment solutions has significantly...more
As jurisdictions across the world grapple with the effects of the more infectious delta variant, many governments either have taken or are considering more restrictive measures to reduce infection rates and community spread...more
This quarterly update highlights some of the international data protection issues that have caught our attention, and the attention of our clients, in the past three months....more
The Commission nationale de l'informatique et des libertés (CNIL) is the national data protection authority in France. Recently, it announced new guidance on cookies and online trackers (Guidelines). Operators of...more
Following the outbreak of COVID-19, organizations have been implementing exceptional measures to maintain "business-as-usual" to the extent allowed by their particular circumstances and to protect their employees, customers...more
The legal requirements for the use of cookies have been subject to discussion over the last few years, with little to no enforcement and guidance from European data protection authorities (DPAs). That has changed recently....more
The French CNIL (the country’s data protection authority) has released rules for how companies can use the biometric information of their employees. Fingerprint scanning is a popular method for “clocking in” around the globe,...more
• Non-profit organizations are testing companies’ GDPR compliance through targeted requests for information and other means and are filing complaints against allegedly non-compliant companies. • Main areas for non-profit...more
In August 2017, the Supreme Court of India passed a judgment in the case of Justice K S Puttuswamy vs Union of India (Supreme Court of India, WRIT PETITION (CIVIL) NO 494 OF 2012), in which fundamental rights, as provided in...more
On May 25, 2015, the French data protection authority (CNIL) published its annual inspection program for 2015, unveiling its objectives and priorities for the year. This alert highlights the main priorities of the CNIL for...more