In 2024, the CNIL stepped up its enforcement action, issuing 87 sanctions, 180 compliance orders and 64 reprimands. However, only 12 decisions were made public, thus complicating the exercise of making the regulator’s...more
While mobile apps have become one of the major means of access to digital services, their ubiquity is accompanied by significant risks to users' privacy, due to the massive amount of personal data they collect and process....more
Following the very recent adoption of the EU Regulation on AI (the AI Regulation) the CNIL (the French data regulator) has issued the second in its series of recommendations for the development of privacy-friendly AI models....more
The French Data Protection Authority (CNIL) recently imposed a EUR 310,000 fine, representing 1% of its turnover, on FORIOU, a telemarketing company promoting loyalty programs. The fine stemmed from FORIOU’s use of...more
On 3 February 2022, the French Commission Nationale de l'Informatique et des Libertés (the "CNIL") published a set of commercial management guidelines for all organizations that conduct data processing for the management of...more
The French Data Protection Authority’s white paper discusses how companies can comply with data privacy and security obligations. The use of card, contactless, and innovative digital payment solutions has significantly...more
As jurisdictions across the world grapple with the effects of the more infectious delta variant, many governments either have taken or are considering more restrictive measures to reduce infection rates and community spread...more
This quarterly update highlights some of the international data protection issues that have caught our attention, and the attention of our clients, in the past three months....more
The Commission nationale de l'informatique et des libertés (CNIL) is the national data protection authority in France. Recently, it announced new guidance on cookies and online trackers (Guidelines). Operators of...more
In a decision (French only) dated 27 February 2020, the French Administrative Court of Marseille invalidated the deliberation of the Provence-Alpes-Côte d’Azur Regional Council which allowed to set up...more
On April 7, 2020, the French Data Protection Authority (the CNIL) published on its website a Q&A on the right to de-listing. The right to de-listing enables a data subject to request from a search engine to remove one or...more
As the coronavirus has spread worldwide to reach pandemic level, employers are putting into place measures group-wide to limit risks of contagion within the work place. Some of these measures have led companies to question...more
The Situation: The European Union's General Data Protection Regulation ("GDPR") has been effective since May 2018 and has resulted in increased requirements for obtaining consent for the processing of personal data. However,...more
Florida Introduces BIPA Legislation - A Florida state senator has introduced an identical version of the Illinois Biometric Information Privacy Act (BIPA)....more
• Non-profit organizations are testing companies’ GDPR compliance through targeted requests for information and other means and are filing complaints against allegedly non-compliant companies. • Main areas for non-profit...more
In this month's edition of our Privacy & Cybersecurity Update, we examine Brazil's new data protection regulation, the French data protection authority's warning to two companies of potential GDPR violations and the U.S....more
In August 2017, the Supreme Court of India passed a judgment in the case of Justice K S Puttuswamy vs Union of India (Supreme Court of India, WRIT PETITION (CIVIL) NO 494 OF 2012), in which fundamental rights, as provided in...more